(57) Abstract

A secure cryptographic network is established among operational units
(108, 110, 112, 114, 116, 118) in a system. A public key cryptosystem is
initially used to establish secure communication links (128, 134, 136, 138).
Then, each secure communication link will be provided with a unique private
encryption key from a private key cryptosystem. Every operational unit in the
system will contain a secure chip integrated circuit (140). These secure chips
will comprise a programmable processor and a read-only memory. A plurality
of personalization stations (106) are used to provide each secure chip with a
public/private encryption or signature key pair. The secure chips will execute
a program from the read-only memory on the secure chips to verify that the
public/private key pair has been received from an authorized source (100,
106). Each secure chip will also be provided with a chain of authentication
certificates originating from a trusted authority (100). The public signature key
of the trusted authority will be programmed into the read-only memory of the
secure chip, for reliable access to this information. When establishing a secure
communication link between two operational units, each of the operational
units will authenticate the other operational unit by verifying the content and
source of each of the authentication certificates in the respective chains.

APPARATUS AND METHOD FOR ESTABLISHING A
CRYPTOGRAPHIC LINK BETWEEN ELEMENTS OF A SYSTEM

Background of the Invention 

Field of the Invention 

The present invention is in the field of cryptographic methods for establishing a cryptographic link
for communication of information between elements of a system. In particular, the present invention relates
to a system and method for exchanging cryptographic keys between elements in a system to create a
cryptographic network where each element of the system authenticates the other elements of the system
with which it will communicate.

Description of the Related Art

A cryptographic system typically involves the application of an encryption algorithm to a plain text
message to create cipher text, which cannot be understood without performing a corresponding decryption
function. A relatively simple cryptosystem utilizes the same algorithm for both encryption and decryption
functions. Using such a system requires that the algorithm be disseminated to elements of the system,
without disclosing the algorithm to outsiders.

A slightly more sophisticated cryptographic system will typically involve an algorithm that operates
on a key to encrypt or decrypt messages, so that an outsider cannot decrypt a message without determining
both the algorithm and the key. In such a system, selecting a new key is typically much easier than
selecting a new algorithm. Thus, if the security of the system has been compromised, a secure path can
be reestablished by securely transferring a new key, without having to develop a new algorithm. Hence, the
security of the system does not rely on the privacy of the algorithm. A cryptosystem of this type will be
referred to as a private key cryptosystem. One such system, the "DES" system, is disclosed in the "Data
Encryption Standard," Federal Information Processing Standards Publication No. 46, January 15, 1977, which
is incorporated herein by reference. Use of these private key systems, however, still requires that a key be
privately communicated between elements of the system, which typically requires costly and time-consuming
measures to ensure that outsiders do not intercept a message containing a new key.

A public key cryptosystem provides a secure link without having to privately transfer keys among
elements of the system. Such a system involves a pair of inverse transformations for encrypting and
decrypting a message. Applying one of the transformations to ciphertext that has been encrypted by the
other transformation will yield the original plain text message. Again, each of the transformations can involve
the application of a common algorithm to a unique key to provide a unique transformation. Thus, a first
algorithm and a first key combine to form a first transformation, while a second algorithm and a second key
form a second transformation, where the two transformations are inverse functions.

In a public key cryptosystem, each element in the system will have a pair of keys that, along with
the appropriate algorithms, provide the inverse functions of encryption and decryption. One of the keys, the
public key, is distributed to other elements in the system, without taking any measures to prevent outsiders
from acquiring the key. The other key, the private key, is retained by the element to which the keys belong,
and this key should not be disclosed for any reason. Thus, neither of the keys has to be privately
communicated to other elements of the system. The algorithms and keys used in such a cryptosystem must
be selected to render infeasible the determination of a private key, based on knowledge of the corresponding
public key. The prior art discloses several thoroughly tested public key cryptosystems that meet these
requirements. For example, U.S. Patent No. 4,405,829, issued to Rivest, et al., which is hereby incorporated
by reference, discloses a well-known public key cryptosystem commonly referred to as the RSA cryptosystem.

To further explain the use of a public key cryptosystem, suppose that elements A and B desire to
establish a secure link. Element A will generate a public/private key pair, transmit the public key to element
B, and retain the private key to itself. Element B will generate its own public/private key pair, transmit its
public key to element A, and retain its own private key. If element A now wants to send a private message
to element B, element A will encrypt a plaintext message using the public key of element B. The resulting
ciphertext can only be decrypted by using element B's private key. Because only element B has this private
key, only element B can decrypt the ciphertext to obtain the original message. In the same manner, element
B can send a private message to element A by encrypting the message with element A's public key. Thus,
elements A and B have established a secure link by swapping public keys.

The above description of the use of a public key cryptosystem allows for private transfer of
messages between elements of a system. Another use of a public key cryptosystem allows elements of a
system to verify the source of a message. In the above example, if element A encrypts a message with its
own private key and sends the message to element B, then element B can verify that the message came
from element A by applying A's public key to decrypt the message. Any message that can be decrypted
using A's public key must have been encrypted by A because only A has the corresponding private key. This
use of a public key cryptosystem is called a digital signature system. Several public key cryptosystems have
been developed specifically for this purpose. For example, the Digital Signature Standard (DSS), which is
published by the National Institute of Standards and Technology (FIPS PUB XX, February 1, 1993), describes
one such system. The DSS is also incorporated by reference.

The two uses of public key cryptosystems described above can be referred to as "privacy" and
"authentication," respectively. Both of these uses are subject to an important limitation. The privacy and
authentication objectives can only be achieved if an element obtains the correct public key for the element
with which it wishes to communicate. In the example described above, an outsider X may pretend to be a
true element of the system, element C for example, and send a public key to element A. Element A, believing
the outsider to be element C, may send its public key to the outsider X. Then, if element A intends to send
a private message to element C, element A will encrypt the plaintext message using the public key of the
outsider X, believing it to be the public key of element C. Element A will then transmit the ciphertext to
the outsider X, again believing the outsider X to be element C. Thus, the outsider can simply apply its own
private key to decipher the cipher text. In addition, outsider X can sign a message with its own private key
and send the message to element A. Element A will apply the public key of outsider X, believing it to be
the public key of element C. Because the keys will correspond, element A will believe that the message was
signed by element C.

One solution to the above-described problem with public key cryptosystems involves the use of
certificates generated by a mutually trusted authority. In the example described above, assume that each
of the elements of the system will trust an authority T to recognize the different elements of the system.
Each of the elements of the system can become authenticated by the authority T. To obtain authentication,
element A will provide its public key to the authority T. After verifying that the public key belongs to
element A, the authority T will sign, using its own private key, a message containing the public key of
element A. The authority T will then provide this signed message, in the form of a certificate, to element
A. Element A can now provide the certificate to other elements of the system to prove that its public key
was recognized by the authority T.

When attempting to establish a secure link with another element, for example, element B, element
A will transmit the certificate to element B. Element B will use the public key of the authority T to decrypt
the certificate and verify the public key of element A. Now, as long as element B can trust the decision
by authority T to authenticate the public key of element A, element B can trust the results of using the
public key of element A for privacy and authentication functions. However, if element B does not have the
true public key of the authority T, then the security of the system may also be compromised. This is an
important weakness in many existing cryptosystems.

In theory, a private key cryptosystem can serve the functions of privacy and authentication very
well. However, in practice, many implementations of these systems have been compromised. Pirates are
often very sophisticated and will often go to great lengths to break into a cryptosystem. Many
implementations of cryptographic systems have utilized expensive security measures to safeguard against
pirates. For example, systems are often set up to require that two specific people be present simultaneously
to perform certain sensitive functions. In many situations, however, such security measures would be
prohibitively expensive. Consequently, many systems for which the market does not justify such expenditures
are vulnerable to pirate attacks.

In addition, a public key cryptosystem will only be secure, even in theory, if computing a private key,
based on knowledge of a corresponding public key, is computationally infeasible. Although the prior art
discloses several systems that have been thoroughly tested, and appear to satisfy this requirement, these
systems also require substantial processing capabilities to originally generate a public/private key pair.
Providing the required processing capabilities can again be prohibitively expensive, especially when a large
number of public key pairs is required for a large number of units in a system. There is a need in the
cryptography industry for a secure, but relatively inexpensive cryptographic system.

Summary of the Invention 
The present invention comprises a method and apparatus for establishing a cryptographic network
among a plurality of operational units in a system. In addition to the operational units, the system also
comprises cryptographic units for establishing the cryptographic network. These cryptographic units comprise
a master key station (MKS), an MKS registration station (MKS-RS), an MKS personalization station (MKS-PS)
and a personalization station (PS). At least one of the operational units in the system will function as a
registration station (RS). Typically there will be a number of PSs and a number of RSs distributed throughout
a system. There may also be a separate operational unit associated with an RS, for which the RS performs
registrations. Every unit in the system, except possibly the MKS, comprises a secure chip integrated circuit
which, in turn, comprises a programmable processor and a read only memory (ROM). The method of the
present invention generally involves an initialization of the MKS, a personalization of each of the secure chips
that will be used in the system, and a registration of the operational units in the system.

The MKS functions as a trusted authority and directly or indirectly authenticates every secure chip
in the system. The MKS, along with the MKS-PS and the MKS-RS, will typically be located in a very secure
environment. First, the MKS generates a public/private signature key pair for its own use, designated the
MKS public signature key and the MKS private signature key. The MKS public signature key is programmed
into the ROM of each secure chip when the secure chips are manufactured, so that each secure chip will
have reliable access to the MKS public signature key.

The MKS personalizes the secure chips for the PS, the MKS-PS and the MKS-RS. During
personalization, a personalizing unit, such as the MKS here, provides the secure chip with a public/private
signature key pair, designated the SC public signature key and the SC private signature key. The
personalizing unit also provides the secure chip with an authentication certificate. An authentication
certificate generally contains the SC public signature key and a message indicating the functions that the
secure chip has been authorized to perform by the personalizing unit. Finally, the certificate is also signed
by the personalizing unit. After personalizing the secure chip, the personalizing unit deletes any copy of the
SC private signature key that the personalizing unit has retained. During personalization, the secure chip that
is being personalized will execute a program that is contained within the ROM on the secure chip. The
execution of this program will verify that the secure chip is being personalized by an authorized personalizing
unit. If the personalizing unit is not authorized, then the secure chip will abandon the personalization process.
After a secure chip has been successfully personalized, then the secure chip will execute a software locking
routine that will prevent any future tampering with the information that has been received by the secure chip
during the personalization process. The MKS authorizes the MKS-PS and the PS to personalize other secure
chips; and the MKS authorizes the MKS-RS to register operational units. When the secure chips for the PS,
the MKS-PS and the MKS-RS have been personalized, then these units can be assembled. Electronic links
can be established between these units and the MKS. Then all four of these units can begin to operate.

The MKS-PS and the PS will personalize the remaining secure chips to be used in the system. Most
of the secure chips will typically be personalized by the PS (or the multiple PSs). This can reduce the cost
of the personalization process because the secure chips will not all have to be transported to a single location
for personalization. Generally, the MKS-PS will only be used to personalize the secure chips of the
operational units that are most sensitive to pirate attacks, including the RS. A similar rationale applies to
the determination as to whether the MKS-RS or the RS (or the multiple RSs) will register an operational unit.
The personalization process performed by the MKS-PS will be similar to the personalization described above
relative to the MKS. The personalization process performed by the PS will also be similar to that performed
by the MKS, except that the secure chips will also be provided with a public/private encryption key pair,
designated the public rekey key and the private rekey key. The public rekey key is included in the
authentication certificate, along with the SC public signature key.

After all of the secure chips have been personalized, then all of the operational units can be
assembled and electronic links can be established between these operational units. However, the operational
units will typically not be able to fully operate until some or all of the operational units have registered with
either the RS or the MKS-RS.

During registration of these operational units, the unit being registered (the subject of registration)
will provide its public rekey key and a chain of authentication certificates to the registering unit. The chain
of certificates will comprise one certificate from the MKS, authenticating the PS, and one certificate from
the PS, authenticating the subject. The registering unit will authenticate the subject by verifying the content
and source of these certificates. Next, the registering unit will generate a private encryption key, designated
a CSKEY, or a package of several keys, that will be unique to the subject of the registration. The registering
unit will encrypt this CSKEY using the subject's public rekey key. The registering unit will then send the
encrypted CSKEY and a chain of authentication certificates to the subject. The chain of certificates will
comprise one certificate from the MKS, authenticating the MKS-PS, and one certificate from the MKS-PS,
authenticating the registering unit, if the registering unit is the RS. Alternatively, if the registering unit is
the MKS-RS, then the chain of certificates will comprise one certificate from the MKS, authenticating the
MKS-RS. The subject of the registration will authenticate the registering unit by verifying the content and
source of these certificates. The subject will also decrypt the CSKEY by applying the private rekey key of
the subject.

The MKS-RS will be performing these registrations on behalf of the MKS. Also, as described above,
the RS may be performing the registrations on behalf of another operational unit. If the registration is being
performed on behalf of another unit, then the registering unit will securely transmit the unique CSKEY to that
unit. Then the registering unit will delete any copy of the CSKEY that the registering unit has retained. If
the registration was not performed on behalf of another unit, then the RS will retain the CSKEY.

The registration of an operational unit establishes a secure link between the operational unit and the
unit for which the registration was performed. Only these two units have access to the unique CSKEY, and
so each of the units can encrypt and decrypt private messages using this key. This remote registration
capability eliminates the "cradle to grave" tracking required by many prior art cryptographic systems. In the
event that the CSKEYs of one or more secure devices are compromised, the secure devices can be
commanded to register again rather than the expensive "smartcard" deployment required by many prior art
cryptographic systems. The registration process can be performed once for every pair of units for which a
secure electronic link is desired. The CSKEY can take the place of the unique keys installed during
manufacture in many prior art cryptographic systems, especially those used in the cable and direct broadcast
TV industry.

The method and apparatus of the present invention provides significant advantages over prior art
cryptographic systems. The present invention provides one or more personalization stations that generate
public/private key pairs for operational units in the system, so that the operational units do not need to have
the processing capability to generate their own key pairs. This provision can yield great cost savings for
systems with numerous operational units. Also, for systems with relatively small operational units, this
provision can greatly reduce the size of these units.

The present invention also provides numerous relatively inexpensive security measures that are not
disclosed by the prior art. For example, the MKS public signature key is placed in ROM of the secure chips
so that every unit in the system will have reliable access to this information. This prevents pirates from
imitating the MKS, without obtaining the MKS private signature key. A portion of the personalization routine
is also placed in ROM of the secure chips so that pirates cannot personalize secure chips using an
unauthorized personalizing unit, by bypassing the authentication and authorization checking functions of the
personalization process. Another feature of the present invention is that each unit involved in both the
personalization process and the registration process authenticates the opposing unit in the process. This
significantly complicates the difficulty of a pirate breaking into a system, without significantly increasing the
cost of implementing and maintaining the system. The present invention also provides for remote registration
of operational units to further reduce the cost of implementing and maintaining a cryptographic system. A
person of skill in the art of cryptographic systems will recognize numerous other novel security measures
from the detailed description of the preferred embodiment of the present invention.

A further aspect of the present invention is a method of establishing a cryptographic link between
a registration station (RS) and an operational unit (OU) of a cryptographic system, the system comprising the
RS, the OU, a master key station (MKS) and a personalization station (PS). The method generally comprises
initializing the MKS and the PS, personalizing the RS, personalizing the OU, and registering the OU with the
RS.

The MKS and the PS are initialized by a method comprising the steps of: providing the MKS with
an encryption/decryption key pair consisting of an MKS public signature key and an MKS private signature
key; providing the PS with an encryption/decryption key pair consisting of a PS public signature key and a
PS private signature key; providing the PS public signature key to the MKS; providing the MKS public
signature key to the PS; creating a PS certificate in the MKS; and communicating the PS certificate from
the MKS to the PS. Where the PS certificate is created in the MKS by a method comprising the steps of:
creating a message containing the PS public signature key and an authorization for the PS to personalize the
OU and signing the message with the MKS private signature key to create the PS certificate.

The RS is personalized by a method comprising the steps of: communicating a first copy of the PS
certificate to the RS; generating, in the PS, an encryption/decryption key pair for the RS consisting of an
RS public signature key and an RS private signature key; securely communicating the RS private signature
key from the PS to the RS; deleting the RS private signature key from the PS; creating an RS certificate
in the PS; and communicating the RS certificate from the PS to the RS. Where the RS certificate is created
in the PS by a method comprising the steps of: creating a message containing the RS public signature key
and signing the message with the PS private signature key to create the RS certificate.

The OU is personalized by a method comprising the steps of: communicating a second copy of the
PS certificate to the OU; providing the MKS public signature key to the OU; verifying in the OU that the
second copy of the PS certificate was signed by the MKS by applying the MKS public signature key;
verifying in the OU that the second copy of the PS certificate authorizes the PS to personalize the OU;
generating an encryption/decryption key pair in the PS for the OU, the encryption/decryption key pair
comprising an OU public encryption key and an OU private decryption key; securely communicating the OU
private decryption key from the PS to the OU; deleting the OU private decryption key from the PS; creating
in the PS an OU certificate for the OU; and communicating the OU certificate from the PS to the OU. Where
the OU certificate for the OU is created in the PS by a method comprising the steps of: creating a message
containing the OU public encryption key and signing the message with the PS private signature key to create
the OU certificate for the OU.

The OU is registered with the RS by a method comprising the steps of: communicating the OU
certificate to the RS; communicating the second copy of the PS certificate to the RS; providing the MKS
public signature key to the RS; verifying in the RS that the second copy of the PS certificate was signed
by the MKS by applying the MKS public signature key; verifying in the RS that the OU certificate was signed
by the PS by applying the PS public signature key, the PS public signature key having been obtained from
the second copy of the PS certificate; communicating the RS certificate to the OU; communicating the first
copy of the PS certificate to the OU; verifying in the OU that the first copy of the PS certificate was signed
by the MKS by applying the MKS public signature key; verifying in the OU that the RS certificate was signed
by the PS by applying the PS public signature key, the PS public signature key having been obtained from
the first copy of the PS certificate; generating in the RS a cryptographic data element for the OU; encrypting
the private encryption key in the OU public encryption key, the RS having obtained the OU public encryption
key from the OU certificate; communicating the cryptographic data element, encrypted in the OU public
encryption key, from the RS to the OU; and decrypting in the OU the private encryption key by applying the
OU private decryption key.

This method is preferably employed where the cryptographic system comprises a communication
system. Moreover, this method is preferably employed where the communication system comprises a
subscriber television system.

The method just disclosed is preferably employed in a cryptographic system wherein the RS and the
OU each comprise a secure chip, the secure chip comprising a programmable processor and a read-only
memory, the read only memory containing the MKS public signature key.

The method just disclosed is preferably employed in this modified system wherein the steps of
verifying in the OU that the second copy of the PS certificate was signed by the MKS and of verifying in
the OU that the second copy of the PS certificate authorizes the PS to personalize the OU are accomplished
by the programmable processor of the secure chip executing a program in the read only memory of the secure
chip.

Alternatively, the method just disclosed is preferably employed in this modified system wherein the 
message created during the method of creating the PS certificate additionally contains an effective date and 
an expiration date for the PS certificate, wherein the read-only memory of the secure chip additionally 
contains a manufacturing date code, and wherein the method for personalizing the OU additionally comprises 
the step of: verifying in the OU that the manufacturing date code in the read only memory of the secure 
chip is between the effective date and the expiration date for the PS certificate. 
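
An added example, not code from the patent: the RS-side half of the registration steps above, with chain verification rooted in the ROM-resident MKS public key and the manufacturing date code check. Textbook RSA without padding stands in for the signature and encryption algorithms so the block runs on the standard library alone; the function labels "personalize" and "operate", the JSON certificate layout and the YYYYMMDD date codes are assumptions.

```python
import hashlib
import json
import secrets
from math import gcd

E = 65537  # public exponent shared by every toy key below


def is_probable_prime(n, rounds=24):
    """Miller-Rabin test for a large odd candidate n."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=1024):
    """Return (n, d): modulus and private exponent of a toy RSA key (no padding)."""
    primes = []
    while len(primes) < 2:
        p = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if p not in primes and gcd(E, p - 1) == 1 and is_probable_prime(p):
            primes.append(p)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(body):
    """SHA-256 over the canonical JSON form of a certificate body, as an integer."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_certificate(issuer_n, issuer_d, subject, key, function, effective, expires):
    """Sign a message holding the subject's public key, authorized function and dates."""
    body = {"subject": subject, "key": key, "function": function,
            "effective": effective, "expires": expires}
    return {**body, "sig": pow(digest(body), issuer_d, issuer_n)}


def verify_chain(chain, rom_mks_key, rom_date_code, required_functions):
    """Walk the chain from the ROM-resident MKS public key down to the subject.

    Returns the subject's authenticated public key, or raises ValueError."""
    if len(chain) != len(required_functions):
        raise ValueError("unexpected chain length")
    signer_key = rom_mks_key
    for cert, needed in zip(chain, required_functions):
        body = {k: v for k, v in cert.items() if k != "sig"}
        if pow(cert["sig"], E, signer_key) != digest(body):
            raise ValueError(f"{cert['subject']}: not signed by the expected authority")
        if cert["function"] != needed:
            raise ValueError(f"{cert['subject']}: not authorized to {needed}")
        if not cert["effective"] <= rom_date_code <= cert["expires"]:
            raise ValueError(f"{cert['subject']}: date code outside validity period")
        signer_key = cert["key"]  # this subject's key verifies the next certificate
    return signer_key


def register(ou_chain, rom_mks_key, rom_date_code):
    """RS side: authenticate the OU, then encrypt a fresh CSKEY in its public key."""
    ou_key = verify_chain(ou_chain, rom_mks_key, rom_date_code, ["personalize", "operate"])
    cskey = secrets.randbits(128)
    return cskey, pow(cskey, E, ou_key)


def unwrap(wrapped, ou_n, ou_d):
    """OU side: recover the CSKEY by applying the OU private decryption key."""
    return pow(wrapped, ou_d, ou_n)


def demo():
    mks_n, mks_d = generate_keypair()  # trusted authority
    ps_n, ps_d = generate_keypair()    # personalization station
    ou_n, ou_d = generate_keypair()    # operational unit, key pair generated by the PS
    # Date codes are constructed YYYYMMDD integers.
    ps_cert = issue_certificate(mks_n, mks_d, "PS", ps_n, "personalize", 19940101, 19991231)
    ou_cert = issue_certificate(ps_n, ps_d, "OU", ou_n, "operate", 19940101, 19991231)
    cskey, wrapped = register([ps_cert, ou_cert], mks_n, 19950615)
    return unwrap(wrapped, ou_n, ou_d) == cskey


if __name__ == "__main__":
    print("CSKEY delivered to authenticated OU:", demo())
```

The same `verify_chain` call serves the OU when it authenticates the RS; only the chain and the required functions change.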

A further aspect of the present invention is a method of establishing a cryptographic link between
a first unit and a second unit in a cryptographic system, the second unit being connected to the first unit
by a communication link, wherein the method comprises the steps of: generating a first public key pair
comprising a first public key and a first private key; securely communicating the first private key to the first
unit; securely communicating the first public key to the second unit; generating, in the second unit, a first
cryptographic data element for use with the first unit; encrypting, in the second unit, the first cryptographic
data element using the first public key; communicating the first cryptographic data element, encrypted in the
first public key, from the second unit to the first unit; decrypting, in the first unit, the first cryptographic
data element by applying the first private key; and communicating private messages between the first unit
and the second unit using the first cryptographic data element.

The method described above preferably further comprises the steps of: sending a first authentication
certificate to the second unit, the first authentication certificate authenticating the first public key and
authenticating the first unit in the second unit using the first authentication certificate.

The further modified method described above preferably further comprises the steps of: generating
a second public key pair consisting of a second public key and a second private key; securely communicating
the second private key to the second unit; securely communicating the second public key to the first unit;
sending a second authentication certificate to the first unit, the second authentication certificate
authenticating the second public key; and authenticating the second unit in the first unit using the second
authentication certificate.

This further modified method is preferably employed where the cryptographic system comprises a
communication system. Moreover, this method is preferably employed where the communication system
comprises a subscriber television system.

The further modified method described above is preferably employed where the first private key is
suitable for creating digital signatures and the first public key is suitable for verifying digital signatures.

The further modified method described above is preferably employed wherein the first and second
authentication certificates comprise, respectively, first and second chains of authentication certificates, each
of the certificates in the first chain of authentication certificates and each of the certificates in the second
chain of authentication certificates comprising: a data value indicating a function that a subject of the
certificate will be authorized to perform; an effective date for the certificate; and an expiration date for the
certificate.

The further modified method described above is preferably employed in a cryptographic system
wherein the second unit comprises a secure integrated circuit containing a programmable processor and a
read-only memory, and wherein the read-only memory contains a manufacturing date code.

m farther moifflfed method described above is preferably emptoyed in tiie modif«d system lust 
disdosed wherein ^ a»ti«nticetio« of ti« first unit is accomplished by tiie processor m the secure 
imegrated drarit of the second urtt by executing a program comalned m ti« read-only memory of ti» secure 
integratetJ drcuH of the second unit. 
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The further modified method described above is preferably employed in the modified system just 
disclosed wherein the authentication of the first unit in the second unit comprises the step of: verifying that 
the manufacturing date code in the read only memory of the secure chip is between the effective date and 
the expiration date for the certificate. 

Alternatively, the further modified method heretofore disclosed is preferably employed in a
cryptographic system wherein the first and second authentication certificates comprise, respectively, first and
second chains of authentication certificates, and wherein the system additionally comprises a trusted
authority having a public signature key and a corresponding private signature key, wherein the first chain of
authentication certificates links the first unit to the trusted authority and the second chain of authentication
certificates links the second unit to the trusted authority.

The further modified method heretofore disclosed is preferably employed in the first alternative
system just disclosed wherein authenticating of the first unit in the second unit is accomplished by applying
an appropriate public signature key to each of the certificates in the first chain of authentication certificates,
beginning with the public signature key of the trusted authority, and authenticating of the second unit in the
first unit is accomplished by applying an appropriate public signature key to each of the certificates in the
second chain of authentication certificates, beginning with the public signature key of the trusted authority.

The further modified method heretofore disclosed is more preferably employed in the first alternate
system just disclosed wherein authenticating the first unit in the second unit by application of an appropriate
public signature key comprises the steps of: obtaining the first chain of authentication certificates linking
the first unit to the trusted authority, each of the authentication certificates being generated by an authority
to authenticate a subject of the certificate, each authority having a public signature key and a corresponding
private signature key, each subject having a public signature key and a corresponding private signature key,
each of the authentication certificates containing the public signature key of the respective subject of the
certificate and being signed by the respective authority of the certificate using the private signature key of
the authority, a first authentication certificate of the chain being generated by the trusted authority, each
subsequent authentication certificate of the chain, if any, being generated by the subject of the previous
authentication certificate, a last authentication certificate of the chain authenticating the first unit; checking
the first authentication certificate of the chain of authentication certificates by a method comprising the
steps of: verifying that the first authentication certificate has been signed by the trusted authority by
applying the public signature key obtained from the trusted authority and verifying that the first
authentication certificate contains the public signature key of the subject of the first authentication
certificate; and checking each subsequent authentication certificate, if any, of the chain of authentication
certificates by a method comprising the steps of: obtaining the public signature key of the authority of the
subsequent authentication certificate from the previous authentication certificate, verifying that the
subsequent authentication certificate has been signed by the authority of the subsequent authentication
certificate by applying the public signature key of the authority of the subsequent authentication certificate,
and verifying that the subsequent authentication certificate contains the public signature key of the subject
of the subsequent authentication certificate.
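
The chain check described in the steps above, combined with the manufacturing date code test and the
per-certificate function value from the earlier paragraphs, as an added example that is not part of the
patent text. The toy ElGamal signature (a stand-in for the signature algorithm), the field names, the
"personalize" and "decoder" function values and the YYYYMMDD date encoding are assumptions; all keys and
certificates are constructed.

```python
import hashlib
from dataclasses import dataclass
from math import gcd

# Toy ElGamal signatures over the Mersenne prime 2**521 - 1 (assumption: a
# stand-in for the signature algorithm; illustration only, not production crypto).
P, G = 2**521 - 1, 3
PERSONALIZE = "personalize"   # hypothetical function value for an intermediate authority


def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keypair(seed: bytes):
    """Derive a constructed (private, public) signature key pair from a seed."""
    x = _h(b"key" + seed) % (P - 2) + 1
    return x, pow(G, x, P)


def sign(priv: int, msg: bytes):
    k = _h(b"nonce" + priv.to_bytes(66, "big") + msg) | 1
    while gcd(k, P - 1) != 1:          # the nonce must be invertible mod P-1
        k += 2
    r = pow(G, k, P)
    s = (_h(msg) - priv * r) * pow(k, -1, P - 1) % (P - 1)
    return r, s


def verify(pub: int, msg: bytes, sig) -> bool:
    if len(sig) != 2:
        return False
    r, s = sig
    if not (0 < r < P and 0 < s < P - 1):
        return False
    return pow(G, _h(msg), P) == pow(pub, r, P) * pow(r, s, P) % P


@dataclass(frozen=True)
class Certificate:
    subject: str
    subject_pub: int      # public signature key of the subject
    function: str         # function the subject is authorized to perform
    effective: int        # effective date, YYYYMMDD
    expiration: int       # expiration date, YYYYMMDD
    signature: tuple = () # made with the authority's private signature key

    def body(self) -> bytes:
        fields = (self.subject, self.subject_pub, self.function,
                  self.effective, self.expiration)
        return repr(fields).encode()


def issue(authority_priv, subject, subject_pub, function, effective, expiration):
    unsigned = Certificate(subject, subject_pub, function, effective, expiration)
    return Certificate(subject, subject_pub, function, effective, expiration,
                       sign(authority_priv, unsigned.body()))


def verify_chain(rom_root_pub, rom_date_code, chain, required_function):
    """Walk the chain from the trusted authority's key held in ROM.

    Returns the authenticated public signature key of the last subject,
    or raises ValueError naming the first check that failed.
    """
    if not chain:
        raise ValueError("empty chain")
    authority_pub = rom_root_pub               # first certificate: trusted authority
    for i, cert in enumerate(chain):
        if not verify(authority_pub, cert.body(), cert.signature):
            raise ValueError(f"certificate {i}: not signed by its authority")
        if not cert.effective <= rom_date_code <= cert.expiration:
            raise ValueError(f"certificate {i}: date code outside validity window")
        if i < len(chain) - 1 and cert.function != PERSONALIZE:
            raise ValueError(f"certificate {i}: subject may not certify others")
        authority_pub = cert.subject_pub       # key used to check the next certificate
    if chain[-1].function != required_function:
        raise ValueError("last subject is not authorized for the required function")
    return authority_pub


def build_sample_chain():
    """Constructed sample: trusted authority -> personalization station -> decoder."""
    root_priv, root_pub = keypair(b"trusted-authority")
    ps_priv, ps_pub = keypair(b"personalization-station")
    _, dec_pub = keypair(b"decoder")
    ps_cert = issue(root_priv, "PS", ps_pub, PERSONALIZE, 19940101, 19991231)
    dec_cert = issue(ps_priv, "DEC", dec_pub, "decoder", 19940101, 19991231)
    return root_pub, [ps_cert, dec_cert], dec_pub


if __name__ == "__main__":
    root_pub, chain, dec_pub = build_sample_chain()
    print(verify_chain(root_pub, 19940615, chain, "decoder") == dec_pub)
```

The verifier trusts only two values it holds itself, the trusted authority's public signature key and its own
date code; every other key is taken from a certificate that has already passed the check.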

The further modified method heretofore disclosed is preferably employed in the first alternate system
just disclosed wherein the second unit comprises a secure integrated circuit containing a programmable
processor and a read-only memory, and wherein the read-only memory contains the public signature key of
the trusted authority.

The further modified method heretofore disclosed is preferably employed in the modified first
alternate system just disclosed wherein the authentication of the first unit is accomplished by the processor
in the secure integrated circuit of the second unit by executing a program contained in the read-only memory
of the secure integrated circuit of the second unit.

Alternatively, the further modified method earlier described is employed in a second alternate
cryptographic system wherein the system additionally comprises a third unit, wherein the third unit generates
the first public key pair and securely communicates the first private key to the first unit and securely
communicates the first public key to the second unit, and wherein the third unit generates the second public
key pair and securely communicates the second private key to the second unit and securely communicates
the second public key to the first unit.

The further modified method earlier described is preferably employed in the second alternate system
described above wherein the method additionally comprises the steps of: deleting the first private key from
the third unit and deleting the second private key from the third unit.

The further modified method earlier described is preferably employed in the second alternate system
described above wherein the first private key is securely communicated from the third unit to the first unit
by a method comprising the steps of: providing a first public signature key to the first unit, the first public
signature key corresponding to a first private signature key possessed by the third unit; creating a message
in the third unit, the message containing the first private key; digitally signing the message in the third unit
using the first private signature key; securely transmitting the digitally signed message containing the first
private key to the first unit; and verifying in the first unit that the message was signed by the third unit by
applying the first public signature key.

The further modified method earlier described is preferably employed in the second alternate system
described above wherein the method additionally comprises the step of performing in the first unit a
verification function to verify that the third unit has been authorized by a trusted authority to provide the
first public key pair, the trusted authority having a second public signature key and a corresponding second
private signature key, the verification function comprising the steps of: receiving in the first unit a certificate
containing the first public signature key and a message indicating that the third unit has been authorized by
the trusted authority to provide the first public key pair, the certificate having been signed with the second
private signature key; obtaining the second public signature key; applying the second public signature key to
the certificate to verify that the certificate was signed by the trusted authority; and reading the message
in the certificate to determine whether the third unit has been authorized to provide the first public key pair.

A further aspect of the present invention is a cryptographic system having a first unit and a second
unit, the first unit being connected to the second unit by a communication link, the first unit performing a
first function, the second unit performing a second function, the second function being different from the first
function, wherein the improvement comprises: the first unit comprising a first communication circuit, the first
communication circuit comprising a first secure circuit, and the second unit comprising a second
communication circuit, the second communication circuit comprising a second secure circuit, wherein the first
communication circuit and the second communication circuit interface to establish a cryptographic link
between the first unit and the second unit over the communication link, each of the secure circuits containing
information needed to establish the cryptographic link between the first unit and the second unit.

This cryptographic system preferably functions primarily as a communication system. Moreover, this
cryptographic system preferably functions as a subscriber television system.

The cryptographic system heretofore disclosed is preferably embodied wherein the first secure circuit
comprises a first secure integrated circuit, wherein the second secure circuit comprises a second secure
integrated circuit, wherein the first secure integrated circuit comprises a first programmable processor and
a first read-only memory, wherein the second secure integrated circuit comprises a second programmable
processor and a second read-only memory, and wherein the information needed to establish the cryptographic
link is contained in the first and the second read-only memories.

The cryptographic system heretofore disclosed is preferably embodied wherein the information
contained in each of the read only memories includes a public signature key of a trusted authority.

The cryptographic system heretofore disclosed is preferably embodied wherein the information
contained in the first read only memory additionally includes a program executed by the first programmable
processor for authenticating the second unit, and wherein the information contained in the second read-only
memory additionally includes a program executed by the second programmable processor for authenticating
the first unit.

Alternately, the cryptographic system disclosed earlier is preferably embodied wherein the system
further comprises a third unit and a trusted authority, wherein the trusted authority authorizes the third unit
to provide the first unit with a public key and a corresponding private key, the third unit generates the public
key and the private key for the first unit, the first unit provides the second unit with the public key from
the third unit, the information contained in each of the read only memories containing a program for
determining whether the third unit has been authorized by the trusted authority to provide the public key and
the private key, the second communication circuit receiving the private key from the third unit only after the
second secure circuit has executed the program to determine that the third unit has been authorized by the
trusted authority to provide the public key and the private key.

Brief Description of the Drawings

Figure 1 illustrates a general functional block diagram of a cable and satellite television system
incorporating the cryptographic method of the present invention.

Figure 2 illustrates a flowchart for establishing a secure communication network in the cable and
satellite television system of Figure 1.

Figure 3 illustrates a flowchart for the personalization by an MKS of a secure chip of an MKS-PS,
an MKS-RS or a PS of the system of Figure 1.

Figure 4A illustrates a flowchart for the creation of an authentication certificate and an initialization
message by an MKS for a secure chip of an MKS-PS, an MKS-RS or a PS.

Figure 4B illustrates a flowchart for the authentication and verification by a secure chip of the
authentication certificate and the initialization message created by the processes of Figure 4A.

Figure 5 illustrates a flowchart for the personalization by a PS or an MKS-PS of a secure chip of
a HE, a DEC, an ECS, an ECS-RS or a UL of the system of Figure 1.

Figure 6A illustrates a flowchart for the creation of an authentication certificate and an initialization
message for a secure chip of a HE, a DEC, an ECS, an ECS-RS or a UL.

Figure 6B illustrates a flowchart for the authentication and verification by a secure chip of the
authentication certificate and the initialization message created by the processes of Figure 6A.

Figure 7A illustrates a flowchart for the registration by an MKS-RS of an ECS, an ECS-RS and a
UL of the system of Figure 1.

Figure 7B illustrates a flowchart for the registration by an ECS-RS of a channel of an HE of the
system of Figure 1.

Figure 7C illustrates a flowchart for the registration by an ECS-RS of a DEC of the system of Figure

Figure 8 illustrates a flowchart for the authentication and verification of the authentication
certificates exchanged during the registration processes of Figures 7A, 7B and 7C.

Detailed Description of the Preferred Embodiment

Figure 1 illustrates a cable and satellite television communication system incorporating the
cryptographic system of the present invention. Although the preferred embodiment of the present invention
will be described in relation to a subscriber television system, one of skill in the art will understand the
present disclosure to apply to a wide variety of communication systems. For example, the present invention
can be applied to a subscriber radio system or an ordinary computer network. In addition, one of skill in the
art will understand the present disclosure to apply to other systems for which communication is not the
primary purpose. For example, the present invention can also be applied to an alarm system to establish a
secure communication link between different elements of the system. Use of the word "communication" or
"communicate" in the present specification is generally intended to refer to the general concept of
transferring information from a source to a destination. These terms should not be construed to limit the
scope of the invention to a "communication system," where the primary objective of the system is to
communicate information. The present invention can apply to systems in which the communication of
information is only a minor, or even insignificant, aspect of the overall system. In fact, the present invention
can be adapted for use in any system for which a secure cryptographic link is desired.

For purposes of this specification, a "communication link" will comprise some physical medium over
which information can be communicated between two elements of a system and some mutually understood
method or technique for communicating. The physical communication medium may comprise, for example,
a hard wired electrical connection, an ordinary telephone line, a computer network line, a fiber optic cable,
or a radio broadcast communication link. The communication method or technique may comprise, for example,
a specific language, a shared syntax for coded messages, or an encryption/decryption algorithm. A
"communication network" will refer to a set of communication links, where each communication link may use
a different physical communication medium and a different communication method or technique. A
communication link or network will be "secure" if an encryption/decryption system is used for which
determination of encrypted information is computationally or economically infeasible without knowledge of
specific decryption information and where the decryption information has not been acquired by outsiders, or
if a signature/verification system is used for which unauthorized insertion or modification of signed information
is computationally or economically infeasible without knowledge of specific signature information and where
the signature information has not been acquired by outsiders. Preferably, an encryption/decryption system
is used for which determination of encrypted information is computationally infeasible without knowledge of
specific decryption information, and a signature/verification system is used for which unauthorized insertion
or modification of signed information is computationally infeasible without knowledge of specific signature
information. A communication link or network will be considered "compromised" if an outsider acquires the
decryption information of an encryption/decryption system or the signature information of a
signature/verification system. An "outsider" or "pirate" will refer to a person or communication unit that is
not an intended recipient or source of certain information.

A person of skill in the art will understand that the preferred embodiment of the present invention
may comprise a pure cable television system, a pure satellite television system, or a combination cable and
satellite television system. The preferred embodiment of the present invention will be described in terms of
a cable and satellite subscriber television system. The preferred embodiment relates to a method and
apparatus for establishing a secure communication link between the different elements of the subscriber
television system for which communication is desired.

Returning to the subscriber television system of Figure 1, the preferred embodiment comprises a
number of communication elements or units, including a master key station (MKS) 100, an MKS registration
station (MKS-RS) 102, an MKS personalization station (MKS-PS) 104, a secure chip personalization station
(PS) 106, an entitlement control system (ECS) 108, an ECS registration station (ECS-RS) 110, an uplink (UL)
112, a head end (HE) 114, a cable decoder box (DEC) 116 and a satellite decoder box (DEC) 118. The MKS
100, the MKS-RS 102 and the MKS-PS 104 could alternatively be combined to form a single unit. Also, the
ECS 108 and the ECS-RS 110 could be combined. Each of the communication elements in the system will
preferably comprise a programmable computer. Each of these computers will be programmed to perform the
appropriate functions of the present invention, as described below. Each of the communication elements in
the system will contain one or more integrated circuit components referred to as secure chips (SC) 140.
Also, the head end 114 will comprise one or more head end channels 142, each of which will contain one
or more secure chips 140.

The MKS 100 is connected to the PS 106 by a communication line 119. For a subscriber television
system, messages will preferably be transferred between the MKS 100 and the PS 106 by a human courier
physically transporting the messages. Thus, the line 119 may comprise a courier walking between m^. and
need not comprise an electronic medium. The MKS 100 and the MKS-RS 102 are connected to the UL 112
by a communication line 120. The MKS 100 and the MKS-RS 102 are connected to the ECS 108 by a
communication line 122. Again, the communication lines 120, 122 will preferably consist of a human courier
physically carrying messages between the respective units. In some embodiments, a physically protected
electronic medium may be sufficiently secure for the lines 120, 122. The ECS 108 is connected to the UL
112 by a communication line 132. The ECS 108 is connected to the head end 114 by a communication line
124. The ECS-RS 110 is connected to the head end 114 by a communication line 126. The UL 112 is
connected to the head end 114 by a communication line 128. The head end 114 is connected to the cable
decoder box 116 by a communication line 134. The ECS-RS 110 is connected to the cable decoder box 116
by a communication line 130. The ECS-RS 110 is connected to the satellite decoder box 118 by a
communication line 131. The head end 114 is connected to the satellite decoder box 118 by a
communication line 136. The UL 112 is connected to the satellite decoder box 118 by a communication line
138. In addition, local communication lines are provided between the MKS 100, the MKS-RS 102 and the
MKS-PS 104, and between the ECS 108 and the ECS-RS 110, although these lines are not illustrated in
Figure 1. The MKS 100, MKS-RS 102 and MKS-PS 104 may be different functional units within the same
equipment housing, or otherwise physically connected. On the other hand, if these units 100, 102, 104 are
physically separated, then the local communication lines will be physically protected, such as by human
courier. The communications line between the ECS 108 and the ECS-RS 110 will either be physically
protected or cryptographically secured.

The subscriber television system of Figure 1 performs two primary functions. First, the system
distributes the various video signals constituting the various television channels, one or more of which may
be scrambled, to the different cable decoder boxes 116 and satellite decoder boxes 118 in the system.
Second, the system distributes cryptosystem keys and other information to allow specific decoder boxes 116,
118 to unscramble the appropriate video signals and receive the appropriate television programs. A typical
implementation of the present invention in a subscriber television system may comprise a single master key
station 100, with an associated registration station 102 and personalization station 104; between 10-20
secure chip personalization stations 106; from one to ten entitlement control systems 108, with associated
registration stations 110; from one to ten uplinks 112; on the order of 10,000 or more head ends 114; and
up to approximately 10,000,000 decoder boxes 116, 118. However, for convenience, the description will
generally assume a system comprising one of each type of unit.

The communication lines 132, 126 and 124 may constitute ordinary computer network interfaces.
There is no need to ensure that pirates do not have access to these communication lines. The present
invention will provide a secure communication environment despite such pirate access. The communication
line 128 provides a satellite communication interface between the uplink 112 and the head end 114. The
communication line 134 is a standard cable interface between a head end 114 and a cable decoder box 116.
The communication line 136 provides a satellite communication interface between the head end 114 and a
satellite decoder box 118, such as in an existing "television receive only/pass through" system (TVRO/PT).
The communication line 138 provides a satellite communication interface between the uplink 112 and the
satellite decoder box 118, such as in an existing "television receive only" system (TVRO). The communication
lines 130 and 131 are standard telephone lines.

The uplinks 112 receive video signals from a variety of sources, such as a first run movie source.
The uplinks 112 distribute these video signals to the different head ends 114 in the system via the
communication line 128 and to the different satellite decoder boxes 118 via the communication line 138.
Each of the head ends 114 distributes these video signals to a number of the cable decoder boxes 116 via
the communication line 134 and to a number of the satellite decoder boxes 118 via the communication line
136. The uplinks 112 may scramble one or more of the video signals before transmitting the signals to
either the head end 114 or the satellite decoder boxes 118. If so, then the head ends 114 will typically
unscramble one or more of the scrambled video signals. Before retransmitting the video signals to the
decoder boxes 116 and 118, the head end 114 may also scramble one or more of the video signals. The
decoder boxes 116 and 118 will then unscramble one or more of the video signals that have been scrambled
by either the head end 114 or the uplink 112.

The entitlement control system 108 can control which head ends 114 and which decoder boxes 116
and 118 can unscramble each of their respective video signals by selectively providing them with appropriate
decryption information. The ECS 108 also controls the scrambling of the video signals by the UL 112 and
the HE 114 by providing these units with appropriate encryption information. The process of controlling
access to video signals by different elements in the system will be referred to as "entitlement." The
encryption/decryption information disseminated by the ECS 108 must be carefully guarded because, if a pirate
obtains this information, the pirate can have unauthorized access to the video signals of the subscriber
television system. In other words, the pirate could watch television programs without paying any subscriber
fees. Such piracy can deprive subscriber television providers of great sums of earned income. The present
invention provides a method for establishing secure communication links for the dissemination of this critical
encryption/decryption information.

The master key station 100, the MKS registration station 102, the MKS personalization station 104,
the secure chip personalization station 106 and the ECS registration station 110 do not have any direct
control over the distribution of the video signals or the entitlement of different head ends 114 or decoder
boxes 116, 118 to receive the different video signals. Instead, the main function of these units is to
establish a secure communication network for the remaining units of the system, as described in greater
detail below. These remaining units, the ECS 108, the UL 112, the HE 114 and the decoder boxes 116,
118, will be referred to as "operational units."

Figure 2 illustrates the preferred method of the present invention for establishing a secure
communication environment for the operational units of the subscriber television system of Figure 1. The
method begins at a block 200. At a process block 202, the MKS generates an MKS public/private signature
key pair. As described above in the description of the related art, the prior art discloses several thoroughly
tested methods for generating a public/private signature key pair. A person of skill in the art will understand
how to generate public/private signature key pairs by referring to appropriate prior art references, such as
the DSS, which was referred to above. The DSS will be the preferred algorithm for generating public/private
signature key pairs, although other algorithms can also be used.

As described above in the description of the related art, a public key cryptosystem will typically only
be secure if each private key is known only by the entity to which the private key belongs. In addition, each
of the public keys must be distributed in a manner that allows each element of the system to authenticate
the source of a public key. The present invention implements an authentication scheme based on
authentication certificates generated by a "trusted authority." The MKS 100 will function as this trusted
authority. As described above, a public key cryptosystem based on authentication by a trusted authority will
only be secure if each of the elements of the system obtains a true copy of the public key of the trusted
authority. In the present invention, the public key of the MKS 100 is distributed to the elements of the
system in a very reliable manner, as described immediately below.

In the preferred embodiment, each of the units in the subscriber television system, except possibly
the MKS 100, will contain a secure circuit that performs cryptographic functions of the present invention.
The secure circuit will be resistant to tampering and eavesdropping by a pirate. Preferably, the secure circuit
will take the form of an integrated circuit component referred to as a secure chip (SC) 140, as shown in
Figure 1. Each of these secure chips 140 in the different units of the system may be identical to one
another, or they may contain different software routines to perform the different functions required by the
different units in the system, or they may have different hardware configurations. Nevertheless, each of the
secure chips 140 in the system will contain at least one common feature; namely, the public key of the MKS
100 will be programmed into read-only memory (ROM) on the secure chip 140 to provide permanent storage
of this key. This step is performed at a process block 204 of Figure 2. Thus, the mask that is used to
manufacture the secure chips 140 will contain the public key of the MKS 100. Because the ROM cannot
be changed after an integrated circuit component is manufactured, any secure chip 140 manufactured using
a mask containing the public key of the MKS 100 will have reliable access to the public key of the MKS
100 for the life of the secure chip 140.

At this point, the system comprises an MKS 100 and a number of secure chips 140. Next, at a
process block 206, the MKS 100 personalizes a secure chip 140 for the personalization station 106, the
MKS personalization station 104, or the MKS registration station 102. The process block 206 will be
executed once for the MKS-RS 102, once for the MKS-PS 104, and once for each personalization station
106 in the system. The personalization process achieves three main objectives. First, it provides the secure
chip 140 with a public/private signature key pair, without allowing any other element to have access to the
private signature key of the secure chip 140. In fact, after the personalization process is completed, even
the unit performing the personalization does not have access to the private signature key of the secure chip
140. Second, the personalization process provides the secure chip 140 with a chain of authentication
certificates so that the secure chip 140 can prove to other elements that it has been directly or indirectly
personalized by the MKS 100. These other elements can verify the authentication of the secure chip 140
even if they only possess the public signature key of the MKS 100. The third main objective achieved by
the personalization process is to ensure that the process is performed only by an authenticated and authorized
source. The process for the personalization of the secure chips 140 of the PS 106, the MKS-PS 104 and
the MKS-RS 102 by the MKS 100 will be described in greater detail below, with reference to Figure 3.

After a secure chip 140 has been personalized, it can be incorporated into one of the communication
units of the system. After a secure chip 140 has been incorporated into the PS 106, the MKS-RS 102 and
the MKS-PS 104, then each of these units, along with the MKS 100, can begin performing its intended
functions, including communicating with one another over the communication line 119 and the local MKS
communication lines.

At a process block 208, the personalization station 106 personalizes the secure chips 140 for the
channels 142 of the head end 114 and the decoder 116, 118. The process block 208 will be executed once
for each channel of each head end 114 in the system and once for each decoder 116, 118 in the system.
The process for the personalization of the secure chips 140 by the personalization station 106 is similar to
the personalization of the secure chips 140 by the MKS 100, except that the personalization station 106
also provides the secure chip 140 with a public/private encryption key pair, designated the rekey key pair.
After the personalization process is completed, the personalization station 106 no longer has access to either
the private signature key or the private rekey key of the secure chip 140.

At a process block 210, the MKS personalization station 104 personalizes the secure chips 140 for
the ECS 108, the ECS-RS 110 and the UL 112. The process block 210 will be executed once for each ECS
108, once for each ECS-RS 110 and once for each UL 112 in the system. This personalization process is
very similar to the personalization of the secure chips 140 by the personalization station 106. Both of these
personalization processes are described in greater detail below with reference to Figure 5.

After every secure chip 140 has been personalized, each secure chip 140 will be incorporated into
an appropriate communication unit. At this point, the MKS 100, the MKS-RS 102, the MKS-PS 104 and
every PS 106 in the system will have its own public/private signature key pair. In addition, every ECS 108,
every ECS-RS 110, every UL 112, every channel 142 of every HE 114, and every decoder box 116, 118 will
have its own public/private signature key pair and public/private rekey key pair. In addition, every
communication element, except the MKS 100, has a chain or hierarchy of authentication certificates linking
it back to the MKS 100.

For example, a cable decoder box 116 will have a hierarchy of authentication certificates consisting
of two levels. The first or highest level certificate will be a PS authentication certificate created by the
MKS 100 for the PS 106 that personalized the cable decoder box 116. The creator of an authentication
certificate will be referred to as the "authority" of the certificate, while the secure chip 140 being
authenticated will be referred to as the "subject" of the certificate. Also, the unit containing the secure chip
140 may also be referred to as the subject. This certificate will indicate that the MKS 100 has recognized
the public key of the PS 106, and that the MKS 100 has authorized the PS 106 to personalize other secure
chips 140. The last or lowest level certificate will be a SC authentication certificate for the cable decoder
box 116. This certificate will indicate that the PS 106 recognized the public signature key of the cable
decoder box 116, and that the cable decoder box 116 is authorized to operate as a cable decoder box 116.
Thus, the PS 106 is the authority with respect to this second certificate, while the cable decoder box 116
is the subject. The combination of these two authentication certificates provides indirect authentication of
the cable decoder box 116 by the MKS 100.

After a secure chip 140 has been incorporated into the ECS 108 and the ECS-RS 110, then these
two units can begin to communicate with one another over the local ECS communication line. However, all
remaining communication links will remain inoperable until appropriate units are registered. First, at a process
block 212, the MKS-RS 102 registers the ECS-RS 110, the ECS 108 and the UL 112. The process block
212 will be executed at least once for each of these units in the system. This registration is performed on
behalf of the MKS 100.

The registration process comprises three main functions. First, the unit performing the registration
authenticates the unit to be registered by checking its chain of authentication certificates linking it to the
MKS 100. Second, the unit to be registered authenticates the unit performing the registration by checking
its chain of authentication certificates linking it to the MKS 100. Third, the unit performing the registration
generates a random private encryption key and privately sends it to the unit to be registered and to the unit
for which the registration is being performed. The unit performing the registration then destroys all copies
of the private key that it has retained, so that the other two units can establish a secure communication
link using the private key. The format of this private encryption key, and the algorithm used to generate
the key will depend on the particular implementation of the entire system. For example, for a system utilizing
the descrambler system disclosed in U.S. Patent No. 4,634,808, issued to Moerder, the private encryption
key will comprise the unit seeds described in that patent. The registration of the ECS-RS 110, the ECS 108
and the UL 112 by the MKS-RS 102 will be described in greater detail below with reference to Figure 7A.

The registration process also serves to identify the newly registered unit to the MKS 100 so that
the MKS 100 can begin transmitting appropriate messages and information. This identification upon
registration allows a system to be implemented without predefining the number and location of each type
of unit in the system. This adds great flexibility to the implementation of a system of the present invention.
In addition, this aspect allows the configuration of the system to be expanded or modified while the system
is operating. The same rationale applies to registration of HE channels 142 and decoder boxes 116, 118.
At this point in the present invention, the ECS 108, for example, is unaware of any HE channels 142 or
decoder boxes 116, 118, and has no knowledge as to the ultimate number or configuration of these units.
As each HE channel 142 and each decoder box 116, 118 is registered, then the ECS 108 begins transmitting
appropriate messages and information to the newly registered units.

At a process block 214, the ECS-RS 110 registers the UL 112 and a channel 142 of the head end
114. The process block 214 will be executed one time for each UL 112 in the system and for each channel
142 in each head end 114 of the system. In this registration process, the ECS-RS 110 will generate and
send a private encryption key to the unit to be registered. This registration process will be described in
greater detail below with reference to Figure 7B.

At a process block 216, the ECS-RS 110 registers a decoder box 116, 118. The process block 216
will be executed once for each cable decoder box 116 and satellite decoder box 118 in the system. The
ECS-RS 110 will again generate and send a private encryption key to the unit to be registered. This
registration process will be described in greater detail below with reference to Figure 7C.

At a block 218, the method of the present invention is complete, and a secure communication
network has been established between the different operational units of the subscriber television system.
More specifically, the ECS 108 now has a unique private encryption key and a unique public signature
verification key for each of the uplinks 112, each of the channels 142 of each of the head ends 114, and
each of the decoder boxes 116, 118, as well as a single private signature key for use with all of these units.
The ECS 108 can now send encryption/decryption information to the appropriate operational units by
encrypting the information in each of the operational units' respective private encryption keys. In addition,
the ECS 108 can sign the information using its private signature key, as required, so that each of the
operational units can verify the source of the information by applying the corresponding public signature
verification key. Finally, where appropriate, the ECS 108 can verify the source of a signed message by
applying the public signature verification key that corresponds to a private signature key of the unit that
appears to have sent the message. A would-be pirate will now have a very difficult time breaking the
encryption network to obtain the information necessary to unscramble the video signals.

Even if a pirate manages to break the secure environment, for example, by obtaining one of the
private encryption keys, a secure communication network can generally be re-established by re-registering
some or all of the operational units of the system. The re-registration of the operational units can be
performed in the same manner as described and illustrated with reference to Figures 7A, 7B and 7C. Thus,
the re-registration of the operational units can be performed remotely.

This re-registration process is a major advantage of the present invention over the subscriber
television systems of the prior art. Typically, when a subscriber television system has been compromised,
a large number of decoder boxes must be replaced, costing the service provider large sums of money.
Alternatively, the decoder boxes may contain a replaceable security cartridge that can be replaced in a
number of the decoder boxes to re-establish a secure communication network. The process of remotely
re-registering the operational units upon a compromise of the secure network greatly simplifies the process and
reduces the cost of re-establishing a secure network. In the subscriber television system incorporating the
present invention, there is no need to modify the hardware of the system, or even to move any of the
hardware units of the system, to re-establish the secure network. The number of units that must be
re-registered to re-establish a secure network will depend on the particular compromise that is involved and
must be determined on a case-by-case basis. For example, if a private encryption key of a particular cable
decoder box 116 is obtained by a pirate, then only that particular cable decoder box 116 must be
re-registered. The ECS 108 can transmit a message to the cable decoder box 116 to indicate that the cable
decoder box 116 must be re-registered. At that point, the re-registration process of the cable decoder box
116 will proceed as described below with reference to Figure 7C. A re-registration process may also be
performed to compensate for some forms of cryptographic weakness in other areas of the secure
communications system in which the present invention is incorporated. For example, in a subscriber television
system, if a video stream cipher technique is utilized that is vulnerable to pirate attacks, then re-registration,
followed by dissemination of new cipher keys, can be used to ensure a secure communication network.

Also, if a private signature key or a private encryption key of a secure chip 140 is compromised,
then that particular secure chip 140 can be replaced by a new secure chip 140. The new secure chip 140
should be personalized according to a personalization process, as described below with reference to either
Figure 3 or Figure 5. Then the new secure chip 140 can be incorporated into the same element from which
the old secure chip 140 was removed. The element receiving the new secure chip 140 must then be
registered according to one of the processes described below with reference to Figures 7A, 7B and 7C.
Depending on the element that has been compromised, other elements in the system may also need to be
re-registered. For example, if the ECS 108 has been compromised, then each of the other operational units
associated with that ECS 108 should also typically be re-registered because all of the private encryption and
signature keys associated with that particular ECS 108 will typically not be trusted.

In the preferred embodiment of the present invention, the re-registration process described above will
also be periodically executed for each of the operational units in the system to further safeguard the security
of the communication network.

Figure 3 illustrates the process for an MKS 100 to personalize a secure chip 140 of a PS 106, an
MKS-PS 104 or an MKS-RS 102, as represented by the process block 206 in Figure 2. At a block 300 of
Figure 3, the personalization of a secure chip 140 begins. At a process block 302, the MKS 100 generates
a public/private signature key pair for the secure chip 140 that will be personalized. This step is the same
as the process described above with reference to the process block 202 of Figure 2.

At a process block 304, the MKS 100 creates an authentication certificate for the secure chip 140.
The purpose of the authentication certificate is to indicate that the MKS 100 recognizes the public signature
key of the secure chip 140 and to indicate that the unit containing the secure chip 140 is authorized to
perform the functions specified in the certificate. For example, a secure chip 140 for a PS 106 will be
authorized to personalize other secure chips 140. The process for creating an authentication certificate for
the secure chip 140 will be described in greater detail below with reference to Figure 4A. Appendix A1
contains a table indicating the general formats of the authentication certificate for a PS 106, an MKS-PS
104 or an MKS-RS 102 of the preferred embodiment. Appendices A2-A7 contain tables indicating the general
formats of other certificates and messages of the preferred embodiment. The format of each of the
certificates and messages represented by Appendices A1-A7 can vary widely in different implementations of
the present invention. For the preferred embodiment, each of these certificates and messages will comprise
a number of field types and subfield types. The authentication certificate of Appendix A1 further comprises
a certificate header, an authorization block, a public signature key and a signature block. The certificate
header further comprises a certificate ID, an issuer ID, an issuer certificate ID, an effective date and an
expiration date. Appendix A8 contains a list of definitions of the field types of Appendices A1-A7.

At a process block 306, the MKS 100 creates an initialization message for the secure chip 140,
which will contain the private signature key for the secure chip 140. The process of creating this message
will be described in greater detail below with reference to Figure 4A. Appendix A2 contains a table indicating
the general format of the initialization message for a PS 106, an MKS-PS 104 or an MKS-RS 102 of the
preferred embodiment.

At a process block 308, the MKS 100 sends the authentication certificate created in the process
block 304 and the initialization message created in the process block 306 to the secure chip 140. This
transfer must be done in a secure environment because the initialization message contains the private
signature key for the secure chip 140. If an outsider intercepts this message, then the outsider may be able
to impersonate the secure chip 140 by signing messages with the private signature key of the secure chip
140. Preferably, the MKS 100 will be in a very secure environment. For example, depending on the threat
of piracy, the MKS 100 may be contained in a high security vault, with armed guards. Preferably, the secure
chip 140 will be taken into direct contact with the MKS 100, within the secure environment for the
personalization process. One of skill in the art will know of numerous methods for ensuring the secure
communication of these messages.

At a process block 310, the secure chip 140 checks the authentication certificate obtained from the
MKS 100 by applying the MKS public signature key obtained from the ROM of the secure chip 140. The
process for checking the authentication certificate will be described in greater detail below with reference
to Figure 4B.

At a decision block 311, the secure chip 140 determines whether the check of the authentication
certificate performed at the process block 310 was successful, or whether it returned with an error
condition. If the check of the authentication certificate was not successful, then the secure chip 140 will
advance to a process block 315. At this point, the secure chip 140 will abandon the personalization process
and return to the block 300 to restart the personalization process. If the check of the authentication
certificate was successful, then the secure chip 140 will advance to a process block 312.

At the process block 312, the secure chip 140 checks the initialization message received from the
MKS 100. Again, the secure chip 140 will apply the public signature key of the MKS 100, obtained from
the ROM of the secure chip 140. The process for checking the initialization message will also be described
in greater detail below with reference to Figure 4B.

At a decision block 313, the secure chip 140 determines whether the check of the initialization
message performed at the process block 312 was successful, or whether it returned with an error condition.
If the check of the initialization message was not successful, then the secure chip 140 will advance to the
process block 315 and abandon the personalization process. If the check of the initialization message was
successful, then the secure chip 140 will advance to a process block 314.

At the process block 314, the secure chip 140 stores the authentication certificate and the
initialization message obtained from the MKS 100. The secure chip 140 will carefully guard the contents
of the initialization message, because it is essential that no outsider obtain the private signature key
contained in that message.

At a process block 316, the secure chip 140 notifies the MKS 100 that the authentication
certificate and the initialization message have been accepted by the secure chip 140, and that the
personalization of the secure chip 140 has been completed. At a process block 318, the secure chip 140
will perform a lock routine so that the secure chip 140 will not accept any further attempts at
personalization. This lock routine will ensure that the secure chip 140 never runs the personalization routine
again, and ensures that the memory locations containing the authentication certificate and the initialization
message can never again be modified. This lock routine will prevent would-be pirates from tampering with
the stored messages, and, especially, the private signature key of the secure chip 140.

At a process block 320, the MKS 100 deletes any copy of the private signature key of the secure
chip 140 that it may have retained after transmitting the initialization message to the secure chip 140. At
this point, the secure chip 140 will be the only element with knowledge of its private signature key. At a
block 322, the personalization of the secure chip 140 is complete.

Figure 4A illustrates the process for creating an authentication certificate and the process for
creating an initialization message for a secure chip 140 of a PS 106, an MKS-PS 104 or an MKS-RS 102.
These processes are represented by the process blocks 304 and 306, respectively, in Figure 3. At a block
400, the MKS 100 will begin to create the authentication certificate for the secure chip 140. At a process
block 402, the MKS 100 will create the structure of the authentication certificate. At a process block 404,
the MKS 100 will add the secure chip 140 public signature key that was generated in the process block 302
of Figure 3. At a process block 412, the MKS 100 will add a data value to the message to indicate the
authority that will be granted to the secure chip 140. A secure chip 140 for a PS 106 or an MKS-PS 104
will be granted the authority to personalize other secure chips 140. A secure chip 140 for the MKS-RS 102
will be granted the authority to register an ECS-RS 110, an ECS 108 and a UL 112.

At a process block 414, the MKS 100 will add a first date to the message to indicate the date on
which the authentication certificate will become effective and a second date to indicate the date on which
the authentication certificate will expire. As described in greater detail below, these dates specify a window
in which the units receiving the secure chips 140 will be authorized to perform their functions. This is yet
another safeguard to defeat pirates. For example, even if a pirate manages to obtain a PS 106, and can
also obtain some secure chips 140, the pirate will only be able to personalize those secure chips 140 that
have a manufacturing date code that falls between the effective date and the expiration date of the
authentication certificate of the PS 106.

At a process block 416, the MKS 100 will sign the message using its private signature key and the
DSS. After the MKS has signed the message, the message becomes the authentication certificate for the
secure chip 140. At a block 418, the creation of the authentication certificate is complete.

At a block 406, the MKS 100 will begin the creation of the initialization message for the secure
chip 140. At a process block 408, the MKS 100 will create the structure for the initialization message.
At a process block 410, the MKS 100 will add the secure chip private signature key that was generated
at the process block 302 of Figure 3.

At the process block 412, the MKS 100 will add a PS load command into the message. At the
process block 414, the MKS 100 will add an effective date and an expiration date for the initialization
message. At the process block 416, the MKS 100 will sign the initialization message using its own private
signature key and the DSS. At the process block 418, the creation of the initialization message is complete.

Figure 4B illustrates the process for the secure chip 140 to check the authentication certificate
obtained from the MKS 100, as represented by the process block 310 in Figure 3, and the process for the
secure chip 140 to check the initialization message obtained from the MKS 100, as represented in the
process block 312 of Figure 3.

At a block 460, the process for checking the authentication certificate begins. At a process block
462, the secure chip 140 performs the signature verification algorithm of the DSS on the signature block
of the authentication certificate using the public signature key of the MKS 100 to determine whether the
authentication certificate was signed by the MKS 100. At a decision block 464, the secure chip 140
determines whether the signature verification was successful. If the verification was successful, then the
secure chip 140 will advance to a process block 466. If the verification was unsuccessful, then the secure
chip 140 will advance to a block 476. At the block 476, the secure chip 140 will return from the process
of Figure 4B with an error condition, because the element attempting to personalize the secure chip 140 is
not the MKS 100. From the block 476, the secure chip 140 will return to the process of Figure 3.

If the signature verification is successful, and the secure chip 140 advances to the process block
466, the secure chip 140 will then check the content of the authorization data value contained in the
authentication certificate. This data value will indicate whether the MKS 100 has authorized the secure chip
140 to perform its designated function of either personalizing other secure chips 140 or registering other
elements of the communication system. At a process block 468, if the secure chip 140 determines that it
is not authorized to perform its designated function, then the secure chip 140 will advance to the block 476.
At this point, the secure chip 140 will return from the process of Figure 4B with an error condition, because
of the failure of the MKS 100 to authorize the secure chip 140 to perform its function. Again, the secure
chip 140 will return to the process of Figure 3.

If the secure chip 140 determines that the MKS 100 has authorized the secure chip 140 to perform
its function, then the secure chip 140 will advance to a process block 470. At the process block 470, the
secure chip 140 will compare the effective date and the expiration date obtained from the authentication
certificate against the manufacturing date code contained in the ROM of the secure chip 140. At a decision
block 472, the secure chip 140 determines whether the authentication certificate is fresh. A certificate or
message is fresh if its manufacturing date code falls between the effective date and the expiration date of
the certificate or the message.

If the secure chip 140 determines that the authentication certificate is not fresh, then the secure
chip 140 will advance to the block 476. At this point, the secure chip 140 will return from the process of
Figure 4B with an error condition, because the authentication certificate is invalid. The effective period of
the certificate should at least cover the date code of the secure chip 140. Again, the secure chip 140 will
return to the process of Figure 3. If the secure chip 140 determines that the authentication certificate is
fresh, then the secure chip 140 will advance to a block 474. At this point, the process of checking the
authentication certificate has been completed, and the authentication certificate has passed the test. The
secure chip 140 will return to the process of Figure 3 with no error condition.

At a block 478, the process for checking the initialization message begins. This process is generally
similar to the process for checking the authentication process, except as indicated below. At a process block
480, the secure chip 140 verifies that the initialization message was signed by the MKS 100 by applying
the MKS public signature key, contained in the ROM of the secure chip 140, and the DSS. At a decision
block 482, the secure chip 140 determines whether the verification was successful. If the verification was
not successful, then the secure chip 140 will advance to the block 476 and return to the process of Figure
3 with an error condition. If the secure chip 140 determines that the verification was successful, then the
secure chip 140 will advance to a process block 484.

At the process block 484, the secure chip 140 will check the content of the authorization data value
in the initialization message. At a decision block 486, the secure chip 140 will determine whether the
authorization data value contains a load command. If there is no load command, then the secure chip 140
will advance to the block 476 and return to the process of Figure 3 with an error condition. If there is a
load command, then the secure chip 140 will advance to a process block 488.

At the process block 488, the secure chip 140 will compare the effective date and the expiration
date stored in the initialization message against the manufacturing date code of the secure chip 140. At a
decision block 490, the secure chip 140 will determine whether the initialization message is fresh. If the
message is not fresh, then the secure chip 140 will advance to the block 476 and return to the process of
Figure 3 with an error condition. If the secure chip 140 determines that the message is fresh, then the
secure chip 140 will advance to the block 492. At this point, the secure chip 140 will return to Figure 3,
and the process of checking the initialization message will have been successfully completed.

Figure 5 illustrates the process of personalizing a secure chip for a channel 140 of an HE 114 or
for a decoder 116, 118 by a PS 106, as represented by the process block 208 of Figure 2, and the process
of personalizing a secure chip 140 for an ECS 108, an ECS-RS 110 or a UL 112 by the MKS-PS 104, as
represented by the process block 210 of Figure 2. These processes are generally similar to the process of
personalizing a secure chip 140 by the MKS 100, as described above with reference to Figure 3, except as
indicated below. Both of these processes begin at a block 500. As a matter of convenience, both the PS
106 and the MKS-PS 104 will be referred to as a "personalizing unit" for the description of the present
personalization process. At a process block 502, the personalizing unit will generate a public/private signature
key pair for the secure chip 140. The personalizing unit will also generate a public/private encryption key
pair, designated the rekey key pair. The rekey key pair may be generated under any reliable public key
encryption method. For example, the preferred embodiment will utilize the RSA encryption method.

At a process block 504, the personalizing unit will create an authentication certificate for the secure
chip 140. This secure chip authentication certificate will be similar in structure and content to the secure
chip authentication certificate created by the MKS 100 in the process block 304 of Figure 3. However, the
present secure chip authentication certificate will also contain the public rekey key of the secure chip 140.
The process for creating the authentication certificate will be described in greater detail below with reference
to Figure 6A. Appendix A3 contains a table indicating the general format of the authentication certificate
for an HE 114, a decoder 116, 118, an ECS-RS 110 or a UL 112 of the preferred embodiment.

At a process block 506, the personalizing unit creates a secure chip initialization message. Again,
the present secure chip initialization message is similar in structure and content to the secure chip
initialization message created by the MKS 100 in the process block 308 of Figure 3. However, again, the
present secure chip initialization message will also contain the private rekey key for the secure chip 140.
The process for creating the initialization message will be described in greater detail below with reference
to Figure 6A. Appendix A4 contains a table indicating the general format of the initialization message for
an HE 114, a decoder 116, 118, an ECS-RS 110 or a UL 112 of the preferred embodiment.

At a process block 508, the personalizing unit sends the authentication certificate of the
personalizing unit, as well as the authentication certificate and the initialization message of the secure chip
140, to the secure chip 140. The authentication certificate of the personalizing unit was provided from the
MKS 100 to the personalizing unit during the personalization of the personalizing unit in the process block
206 of Figure 2. The authentication certificate and the initialization message of the secure chip 140 were
created in the process blocks 504 and 506, respectively. The transfer of the initialization message from the
personalizing unit to the secure chip 140 must be done in a completely secure environment. Again, if an
outsider obtains this message, then the outsider can impersonate the secure chip 140 to eavesdrop on
communications that are intended to be private and to sign messages pretending to be the secure chip 140.

At a process block 510, the secure chip 140 checks the authentication certificate of the
personalizing unit, obtained in the process block 508. This process generally comprises two steps. First,
the secure chip 140 will apply the MKS public signature key to the authentication certificate to ensure that
the certificate was generated by the MKS 100. Second, the secure chip 140 will verify that the
personalizing unit was authorized by the MKS 100 to personalize additional secure chips 140. The process
of checking the authentication certificate of the personalizing unit will be described in greater detail below
with reference to Figure 6B.

At a decision block 511, the secure chip 140 determines whether the process of checking the
authentication certificate of the personalizing unit performed at the process block 510 was successful, or
whether it returned with an error condition. If the process returned with an error condition, then the secure
chip 140 will advance to a process block 517 and abandon the personalization process. At the process block
517, the secure chip 140 will return to the block 500 to restart the personalization process. If the process
of checking the authentication certificate of the personalizing unit was successful, then the secure chip 140
will advance to a process block 512.

At the process block 512, the secure chip 140 checks the authentication certificate of the secure
chip 140, also obtained in the process block 508. Here, the secure chip 140 will apply the public signature
key of the personalizing unit to verify that the secure chip authentication certificate was signed by the
personalizing unit. The secure chip 140 obtains the public signature key of the personalizing unit from the
authentication certificate of the personalizing unit. The process of checking the secure chip authentication
certificate will be described in greater detail below with reference to Figure 6B.

At a decision block 513, the secure chip 140 determines whether the process of checking the secure
chip authentication certificate performed in the process block 512 was successful, or whether it returned
with an error condition. If the process returned with an error condition, then the secure chip 140 will
advance to the process block 517 and abandon the personalization process. If the process of checking the
secure chip authentication certificate was successful, then the secure chip 140 will advance to a process
block 514.

At the process block 514, the secure chip 140 checks the initialization message of the secure chip
140, also obtained in the process block 508. Again, the secure chip 140 will verify that the initialization
message was signed by the personalizing unit. The process of checking the initialization message will be
described in greater detail below with reference to Figure 6B. The secure chip 140 will ensure that the
private signature and re-key keys in the initialization message are kept private.

At a decision block 515, the secure chip 140 will determine whether the process of checking the
initialization message performed at the process block 514 was successful or whether it returned with an
error condition. If the process returned with an error condition, then the secure chip 140 will advance to
the process block 517 and abandon the personalization. If the process of checking the initialization message
was successful, then the secure chip 140 will advance to a process block 516.

At the process block 516, the secure chip 140 stores the authentication certificate of the
personalizing unit, as well as the authentication certificate and initialization message of the secure chip 140.
At a process block 518, the secure chip 140 notifies the personalizing unit that the authentication certificates
and the initialization message have been received and verified, and that the personalization of the secure chip
140 has been completed.

At a process block 520, the secure chip 140 runs a lock routine that is similar to the lock routine
that is described above with reference to the process block 318 of Figure 3. This lock routine prevents
outsiders from attempting to re-personalize a secure chip 140 or modify the contents of the memory that
contains the authentication certificates and the initialization message. At a process block 522, the
personalizing unit destroys any copy of the secure chip private signature and re-key keys that the
personalizing unit has retained. At this point, only the secure chip 140 will have knowledge of the private
signature and re-key keys of the secure chip 140. At a block 524, the personalization of the secure chip
140 is complete.

Figure 6A illustrates the process for creating a secure chip authentication certificate, as represented
by the process block 504 in Figure 5, and the process for creating a secure chip initialization message, as
represented by the process block 506 in Figure 5. These processes are generally similar to the processes
described above with reference to Figure 4A, except as indicated. The process for creating the authentication
certificate begins at a block 600. At a process block 602, the personalizing unit creates the structure for
the certificate.

Referring again to Figure 6A, at a process block 604, the personalizing unit adds the secure chip
public signature and re-key keys that were generated in the process block 502 of Figure 5 to the certificate.
At a process block 612, the personalizing unit adds an authorization data value to the certificate to indicate
the function that the secure chip 140 is authorized to perform. The possible functions include the functions
of a channel 142 of a head end 114, a cable decoder box 116, a satellite decoder box 118, an ECS 108,
an ECS-RS 110 or a UL 112.

At a process block 614, the personalizing unit will add a first date to the certificate to indicate the
date on which the certificate will become effective and a second date to indicate the date on which the
certificate will expire. At a process block 616, the personalizing unit will sign the certificate using the
personalizing unit's private signature key and the DSS algorithm. At this point, the certificate will become
the authentication certificate of the secure chip 140. After signing the certificate, the personalizing unit will
advance to a block 618 to complete the process and return to Figure 5.

The process for creating an initialization message begins at a block 606. At a process block 608, 
the personalizing unit creates the structure for the message. 

Returning to Figure 6A, at a process block 610, the personalizing unit will add the private signature
and re-key keys of the secure chip 140 to the message. The private signature and re-key keys were
generated in the process block 502 of Figure 5.

At the process block 612, the personalizing unit will add a PS load command to the message. At
the process block 614, the personalizing unit will add a first date to the message indicating the date on
which the message will become effective and a second date indicating the date on which the message will
expire.

At the process block 616, the personalizing unit will sign the message using the personalizing unit's
private key and the DSS. At this point, the message will become the initialization message of the secure
chip 140. Next, the personalizing unit will advance to the block 618 to complete the creation of the
initialization message and return to Figure 5.

Figure 6B illustrates the processes for a secure chip 140 to check the authentication certificate of
the personalizing unit, the authentication certificate of the secure chip 140, and the initialization message
of the secure chip 140. These processes are generally similar to the processes described above with
reference to Figure 4B, except as indicated. The process for checking the authentication certificate of the
personalizing unit, as represented by the process block 510 in Figure 5, begins at a block 660. At a process
block 662, the secure chip 140 applies the public signature key of the MKS 100 and the DSS to determine
whether the authentication certificate of the personalizing unit was signed by the MKS 100.

At a decision block 664, the secure chip 140 will determine whether the signature verification was
successful. If the verification was not successful, then the secure chip 140 will advance to a block 676.
At this point, the secure chip 140 will return to the process of Figure 5 with an error condition.

If the secure chip 140 determines that the signature verification was successful, then the secure
chip 140 will advance to a process block 666. At this point, the secure chip 140 will check the content
of the authorization data value in the authentication certificate. At a decision block 668, the secure chip
140 will determine whether the personalizing unit was authorized to personalize additional secure chips 140.
If the personalizing unit was not authorized to personalize additional secure chips 140, then the secure chip
140 will advance to the block 676 and return to the process of Figure 5 with an error condition.

If the secure chip 140 determines that the personalizing unit was authorized to personalize additional
secure chips 140, then the secure chip 140 will advance to a process block 670. At the process block 670,
the secure chip 140 will obtain the effective date and the expiration date of the authentication certificate,
and compare these dates against the manufacturing date code of the secure chip 140. At a decision block
672, the secure chip 140 will determine whether the authentication certificate is fresh. If the certificate
is not fresh, then the secure chip 140 will advance to the block 676 and return to the process of Figure 5
with an error condition.

As described above, providing effective and expiration dates for the authentication certificates helps
to defeat pirate attempts. A secure chip 140 will not accept personalization by a personalizing unit that has
provided an authentication certificate for which the effective and expiration dates do not coincide with the
secure chip 140's manufacturing date code. Thus, each authentication certificate will only be valid for a
limited number of manufacturing date codes. As a result, a pirate that has managed to steal a personalizing
unit will only be able to personalize a limited number of secure chips 140. To minimize the number of secure
chips 140 that a pirate can personalize under these circumstances, the effective period for an authentication
certificate should be relatively short. Consequently, a personalizing unit will typically be used for a time
period that extends beyond the period of validity of the original authentication certificate. For this reason,
the present invention provides a capacity for the MKS 100 to communicate subsequent authentication
certificates to the personalizing units of the system. Figure 1 illustrates a communication line 119 over
which the MKS 100 can transmit authentication certificates for the PS 106.

To provide additional safeguards, the personalization routine of the secure chip 140 should be
performed by a programmable processing unit within the secure chip 140 by executing a program contained
in ROM, where the ROM is also located on the secure chip 140. This will prevent a pirate from modifying
the personalization routine of a secure chip 140 to avoid verifying the authentication certificate of the
personalizing unit.

Returning to the decision block 672 of FIG. 6B, if the authentication certificate is fresh, then the
secure chip 140 will advance to a block 674. At this point, the process of checking the authentication
certificate of the personalizing unit will be successfully completed, and the secure chip 140 will return
execution to Figure 5.

The process for checking the authentication certificate of the secure chip 140, as represented by
the process block 512 of Figure 5, begins at a block 678. At a process block 680, the secure chip 140 will
apply the public signature key of the personalizing unit and the DSS to verify whether the authentication
certificate was signed by the personalizing unit. As described above, the public signature key of the
personalizing unit is obtained from the authentication certificate of the personalizing unit.

At the decision block 664, the secure chip 140 will determine whether the signature verification was
successful. If the verification was not successful, then the secure chip 140 will advance to the block 676
and return to the process of Figure 5 with an error condition.

If the verification was successful, then the secure chip 140 will advance to the process block 666.
At this point, the secure chip 140 will check the content of the authorization data value in the authentication
certificate of the secure chip 140. At the decision block 668, the secure chip 140 will determine whether
it has been authorized to perform its designated function. If it has not been properly authorized, then the
secure chip 140 will advance to the block 676 and return to the process of Figure 5 with an error condition.

If the secure chip 140 determines that it was properly authorized, then the secure chip 140 will
advance to the process block 670. At this point, the secure chip 140 will compare the effective date and
the expiration date of the authentication certificate with the manufacturing date code of the secure chip 140.

At the decision block 672, the secure chip 140 will determine whether the authentication certificate
is fresh. If the certificate is not fresh, then the secure chip 140 will advance to the block 676 and return
to the process of Figure 5 with an error condition. If the certificate is fresh, then the secure chip 140 will
advance to the block 674. At this point, the process for checking the authentication certificate of the secure
chip 140 has been successfully completed and the secure chip 140 will return execution to Figure 5.

The process for checking the initialization message of the secure chip 140, as represented by the
process block 514 of Figure 5, begins at a block 682. At a process block 684, the secure chip 140 applies
the public signature key of the personalizing unit and the DSS to verify that the message was signed by the
personalizing unit.

At a decision block 686, the secure chip 140 determines whether the signature verification was
successful. If the verification was not successful, then the secure chip 140 will advance to the block 676
and return to the process of Figure 5 with an error condition.

If the signature verification was successful, then the secure chip 140 will advance to a process
block 688. At this point, the secure chip 140 will check the content of the authorization data value of the
initialization message. At a decision block 690, the secure chip 140 will determine whether the message
contains a PS load command. If not, then the secure chip 140 advances to the block 676 and returns to
the process of Figure 5 with an error condition. Otherwise, the secure chip 140 advances to a process block
692.

At the process block 692, the secure chip 140 compares the effective date and the expiration date
of the initialization message against the manufacturing date code of the secure chip 140. At a decision block
694, the secure chip 140 determines whether the message is fresh. If not, then the secure chip 140
advances to the block 678 and returns to the process of Figure 5 with an error condition. Otherwise, the
secure chip 140 advances to a block 698. At this point, the process of checking the initialization message
has been successfully completed and the secure chip 140 will return execution to Figure 5.
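
The three checks of Figure 5 and Figure 6B (signature, authorization value, freshness against the manufacturing date code), as an added example that is not part of the patent text. Assumptions: the field layout, the authorization strings, the sample keys and dates are constructed; freshness is read as the manufacturing date falling inside the effective/expiration window; the signature is textbook DSA over a toy 61-bit group with SHA-256, standing in for the DSS.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

def _is_prime(n):  # Miller-Rabin; these bases are deterministic for n < 3.3e24
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy DSA group (61-bit q): enough to run the logic, far too small to be secure.
Q = 2**61 - 1
P = next(k * Q + 1 for k in range(2, 1 << 20, 2) if _is_prime(k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 64)) if g != 1)

def _h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def keygen(seed):
    x = _h(b"key" + seed) or 1          # constructed, deterministic sample key
    return x, pow(G, x, P)

def sign(x, msg):
    n = 0
    while True:                         # retry in the rare r == 0 or s == 0 case
        k = _h(b"nonce" + x.to_bytes(8, "big") + msg + bytes([n])) or 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (_h(msg) + x * r) % Q
        if r and s:
            return r, s
        n += 1

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, _h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

@dataclass(frozen=True)
class Signed:
    payload: object      # public key (certificate) or private key (initialization message)
    auth: str            # authorization data value, or the PS load command
    effective: date
    expires: date
    sig: tuple = None
    def tbs(self):       # bytes covered by the signature
        return repr((self.payload, self.auth, str(self.effective), str(self.expires))).encode()

def issue(issuer_priv, payload, auth, effective, expires):
    body = Signed(payload, auth, effective, expires)
    return Signed(payload, auth, effective, expires, sign(issuer_priv, body.tbs()))

def check(item, issuer_pub, required_auth, mfg_date):
    """Figure 6B order: signature, then authorization value, then freshness."""
    if not verify(issuer_pub, item.tbs(), item.sig):
        return "bad signature"
    if item.auth != required_auth:
        return "not authorized"
    if not item.effective <= mfg_date <= item.expires:
        return "not fresh"

def personalize(rom_mks_pub, mfg_date, function, ps_cert, chip_cert, init_msg):
    """Figure 5, blocks 510-516: the first error abandons personalization."""
    steps = (("PS certificate", ps_cert, lambda: rom_mks_pub, "personalize-chips"),
             ("chip certificate", chip_cert, lambda: ps_cert.payload, function),
             ("initialization message", init_msg, lambda: ps_cert.payload, "PS-load"))
    for name, item, issuer_pub, auth in steps:   # PS key is read only after its cert passed
        err = check(item, issuer_pub(), auth, mfg_date)
        if err:
            return f"abandon: {name}: {err}"
    return "personalized"

def demo():
    (mks_priv, mks_pub), (ps_priv, ps_pub) = keygen(b"MKS"), keygen(b"PS")
    (chip_priv, chip_pub), (rogue_priv, _) = keygen(b"chip"), keygen(b"rogue")
    start, end, mfg = date(1995, 1, 1), date(1995, 3, 31), date(1995, 2, 14)
    ps = issue(mks_priv, ps_pub, "personalize-chips", start, end)
    chip = issue(ps_priv, chip_pub, "cable-decoder", start, end)
    init = issue(ps_priv, chip_priv, "PS-load", start, end)
    run = lambda ps_cert, made=mfg: personalize(mks_pub, made, "cable-decoder", ps_cert, chip, init)
    return {"valid": run(ps),
            "PS cert not signed by MKS": run(issue(rogue_priv, ps_pub, "personalize-chips", start, end)),
            "PS lacks personalizing authority": run(issue(mks_priv, ps_pub, "cable-decoder", start, end)),
            "stolen PS, chip made after expiry": run(ps, date(1995, 6, 1))}

if __name__ == "__main__":
    print(*(f"{case}: {outcome}" for case, outcome in demo().items()), sep="\n")
```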

Figure 7A illustrates the process performed by the MKS-RS 102 to register the ECS-RS 110, the
ECS 108 or the UL 112. This process is represented by the process block 212 in Figure 2. The process
begins at a block 700.

At a process block 702, the MKS-RS 102 sends a "register here" message on communication lines
120 and 122, shown in Figure 1, to the ECS-RS 110, the ECS 108 or the UL 112. Appendix A5 contains
a table indicating the general format of the "register here" message of the preferred embodiment. At a
process block 704, the ECS-RS 110, the ECS 108 or the UL 112 will send a registration request to the
MKS-RS 102 over communication line 120 or 122 in response to the "register here" message. Appendix AS
contains a table indicating the general format of the registration request of the preferred embodiment. The
ECS-RS 110, the ECS 108 or the UL 112 will sign the "register here" message using its own private
signature key. This signed copy of the "register here" message will form a part of the registration request.
The registration request will also contain an authentication certificate of the requestor and an authentication
certificate of the requestor's personalizing unit. In this case, the requestor will be an ECS-RS 110, an ECS
108 or a UL 112. Each of these units can only be personalized by the MKS-PS 104, so the registration
request will contain an authentication certificate of the MKS-PS 104. This authentication certificate was
communicated from the MKS-PS 104 to the secure chip 140 of the requesting unit in the process block 508
of Figure 5.

At a process block 706, the MKS-RS 102 will check the authentication certificate of the MKS-PS
104 and the certificate of the secure chip 140 of the requestor. The authentication
certificates form a chain of authentication [...]. In the present
[...], the MKS-RS 102 will verify that the authentication certificate of the MKS-PS 104 was signed by
the MKS 100, and that the MKS 100 authorized the MKS-PS 104 to personalize additional secure chips 140.
The MKS-RS 102 will also verify that the authentication certificate of the secure chip 140 was signed by
the MKS-PS 104, and that the chip 140 is authorized to perform [...]
verification key of the requestor, obtained from [...]
verifies that the requestor has a private signature key corresponding [...]
verification key that has been indirectly authenticated by the MKS 100. The process of checking the
authentication certificates will be described in greater detail below with reference to Figure 8.

At a decision block 707, the MKS-RS 102 determines whether the requestor has been authenticated
and authorized, based on the check of the authentication certificates and the signature verification performed
at the process block 706. If the requestor has not been authenticated and authorized, then the process will
advance to a process block 709. At this point, the MKS-RS 102 will abandon the registration process and
return to the block 700 to restart the registration process. On the other hand, if the requestor has been
authenticated and authorized, then the process will advance to a process block 708.

At the process block 708, the MKS-RS 102 generates a cryptographic data element. The data
element may comprise any information that can be used to establish a cryptographic link. For example, the
data element may comprise an index or seed, an identifier or serial number, a secret key or an encryption
key. In the preferred embodiment, the data element comprises an initial key package (IKP). Appendix A7
contains a table indicating the general format of the IKP of the preferred embodiment. For subscriber
television systems using systems for controlling access to television programs, the IKP will comprise
cryptographic information required by the particular access control system. In a preferred embodiment, the
IKP will be a CSKEY and an Entitlement Key that are double-length DES key pairs compatible with ANSI
X9.17-1985. Numerous other reliable private key encryption techniques can also be used. In fact, different
private key encryption techniques can be used simultaneously to establish different secure communication
links within the system. The registration station can indicate which technique (or techniques) will be used
when the IKP is transmitted to the requestor. This also allows the technique to be changed, even as to a
specific communication link, during a re-registration process. The IKP will preferably be unique to a
communication link that will be established between the MKS 100 and the requestor, and it will not be given
to any other element.

At a process block 710, the MKS-RS 102 encrypts the IKP using the requestor's public rekey key.
The MKS-RS 102 obtains the requestor's public rekey key from the authentication certificate of the secure
chip 140. The certificate was contained in the registration request. Only the requestor has the
corresponding private rekey key.

At a process block 712, the MKS-RS 102 signs the IKP with its private signature key, and sends
the encrypted and signed IKP to the requestor along with the birth certificate of the MKS-RS 102. This
message is also transmitted across the communication line 120 or the communication line 122. Because the
IKP is encrypted in the requestor's rekey key and because the birth certificate does not have to remain
private, the communication lines 120 and 122 need not be private. Any pirate that may be eavesdropping
on these communication lines will not be able to obtain any valuable information. The birth certificate of
the MKS-RS 102 contains the authentication certificate of the secure chip 140 of the MKS-RS 102.
Generally, a birth certificate will also contain the authentication certificate of the personalizing unit that
personalized the secure chip 140. However, the MKS-RS 102 was personalized by the MKS 100. The MKS
100 does not have an authentication certificate because it is the trusted authority.

At a process block 718, the requestor sends an "OK" message to the MKS-RS 102 over the
communication line 120 or 122. This message indicates that the requestor has received the IKP. After the
process block 718, the process of Figure 7A proceeds with a pair of step sequences that are performed in
parallel. A first sequence comprises a process block 714, a decision block 715 and a process block 716.
A second sequence comprises a process block 720 and a process block 722.

In the first sequence, at the process block 714, the requestor checks the authentication certificate
of the secure chip 140 of the MKS-RS 102 and verifies the signature of the IKP. The process of checking
the authentication certificate of the secure chip 140 of the MKS-RS 102 is similar to the process of checking
the authentication certificate of the secure chip 140 of the requestor in the process block 706. The present
process is described in greater detail below with reference to Figure 8.

At the decision block 715, the requestor determines whether the MKS-RS 102 has been
authenticated and authorized, based on the check of the authentication certificate and the signature
verification performed at the process block 714. If the MKS-RS 102 has not been authenticated and
authorized, then the procedure of Figure 7A will advance to the process block 709 and the registration will
be abandoned. If the MKS-RS 102 has been authenticated and authorized, then the process of Figure 7A
will advance to the process block 716. At the process block 716, the requestor applies its private rekey
key to decrypt the message containing the IKP. The requestor then saves these keys for future
communications with the MKS 100. After the process block 716, the first sequence is complete.

In the second sequence, at the process block 720, the MKS-RS 102 sends an "ECS-RS/ECS/UL Add"
message to the MKS 100. This message will contain the IKP that was sent to the requestor. This message
will also contain identifying information related to the requestor, so that the MKS 100 can begin to send
appropriate messages and information to the requestor. This message must be communicated in a secure
environment. However, the MKS-RS 102 is preferably located in the same location as the MKS 100. Thus,
the same security measures that are utilized to ensure the security of the MKS 100 can also be used to
ensure the security of the communication link between the MKS 100 and the MKS-RS 102.

At the process block 722, the MKS-RS 102 will destroy any copies of the IKP that it has retained.
The MKS 100 can now use the IKP corresponding to the specific requestor to establish a private
communication link with the requestor. After the process block 722, the second sequence is complete. The
registration of the ECS-RS 110, the ECS 108, or the UL 112 will end at a block 724, after completion of
both the first and the second sequences.

Figure 7B illustrates the process performed by the ECS-RS 110 to register a UL 112 or a channel
142 of a head end 114, as represented by the process block 214 of Figure 2. This process is generally
similar to the process of Figure 7A, except as indicated. The process begins at a block 730.

At a process block 732, the ECS-RS 110 sends a "register here" message to the head end 114 over
the communication line 126 or to the UL 112 over the communication line 132. Upon receipt of this
message, the head end channel 142 or the UL 112, at a process block 734, sends a registration request to
the ECS-RS 110, over the respective communication line 126, 132. The head end channel 142 or the UL
112 will sign the "register here" message using its own private signature key. This signed copy of the
"register here" message will form a part of the registration request. The registration request will also
contain the authentication certificate of the requestor and the authentication certificate of the personalization
station 108 or the MKS-PS 104 that personalized the secure chip 140 of the requestor. As described
above, the communication lines 126, 132 are preferably ordinary computer network lines. A message
transmitted over these computer network lines 126, 132 will include a message header that will contain the
computer network address corresponding to the head end channel 142 or the UL 112. This address will
identify the location of the head end channel 142 or the UL 112 to the ECS-RS 110. The message may also
contain additional identification information.

At a process block 736, the ECS-RS 110 checks the authentication certificates of the PS 106 or
MKS-PS 104 and the requestor. This process is generally similar to the process of checking authentication
certificates performed by the MKS-RS 102 in the process block 706 of Figure 7A. This process is described
in greater detail below with reference to Figure 8. In addition, at the process block 736, the ECS-RS 110
verifies the signed copy of the "register here" message using the public signature verification key of the
requestor, obtained from the requestor's authentication certificate. This process verifies that the requestor
has a private signature key that corresponds to the public signature verification key that has been indirectly
authenticated by the MKS 100.

At a decision block 737, the ECS-RS 110 determines whether the requestor has been authenticated
and authorized, based on the check of the authentication certificates and the signature verification performed
at the process block 736. If the requestor has not been authenticated and authorized, then the process will
advance to a process block 739. At this point, the ECS-RS 110 will abandon the registration process and
return to the block 730 to restart the registration process. If the requestor has been authenticated and
authorized, then the process will advance to a process block 738.

At the process block 738, the ECS-RS 110 generates a cryptographic data element. Again, the data
element may comprise any information that can be used to establish a cryptographic link. In the preferred
embodiment, the data element comprises an IKP. At a process block 740, the ECS-RS 110 encrypts the new
IKP using the public rekey key of the requestor. This public key was obtained from the authentication
certificate of the requestor.

At a process block 742, the ECS-RS 110 signs the IKP using its private signature key, and sends
the encrypted IKP to the requestor over the communication lines 128, 132. The ECS-RS 110 also sends a
birth certificate to the requestor over the communication lines 126, 132. The birth certificate will contain
the authentication certificate of the ECS-RS 110 and the authentication certificate of the MKS-PS 104. In
addition, the birth certificate will contain a message indicating that the secure chip 140 of the ECS-RS 110
will have the authority to operate as an ECS-RS 110. Again, this communication need not be made in a
secure environment because the only valuable information communicated, the IKP, is encrypted in the public
rekey key of the requestor.

At a process block 748, the requestor will send an "OK" message to the ECS-RS 110 over the
communication lines 126, 132. This message will indicate that the requestor has received the IKP. After
the process block 748, the process of Figure 7B proceeds with a pair of step sequences that are performed
in parallel. A first sequence comprises a process block 744, a decision block 745, and a process block 746.
A second sequence comprises a process block 750 and a process block 752.

In the first sequence, at the process block 744, the requestor checks the authentication certificate
of the ECS-RS 110 and the MKS-PS 104, and verifies the signature of the IKP. The requestor will verify
that the authentication certificate of the MKS-PS 104 was signed by the MKS 100 and that the MKS 100
granted authority to the MKS-PS 104 to personalize additional secure chips 140. Also, the requestor will
check the authentication certificate of the ECS-RS 110 to verify that the certificate was signed by the
appropriate MKS-PS 104 and that the ECS-RS 110 was granted the authority to function as a registration
station. This process is described in greater detail below with reference to Figure 8.

At the decision block 745, the requestor determines whether the ECS-RS 110 has been authenticated
and authorized, based on the check of the authentication certificates and the signature verification performed
at the process block 744. If the ECS-RS 110 has not been authenticated and authorized, then the procedure
of Figure 7B will advance to the process block 738 and the registration will be abandoned. If the ECS-RS
110 has been authenticated and authorized, then the process of Figure 7B will advance to a process block
746.

At the process block 746, the requestor applies its own private rekey key to the encrypted IKP
received from the ECS-RS 110 and saves the resulting keys. The requestor will not give these keys to any
other element. After the process block 748, the first sequence is complete.

In the second sequence, at the process block 750, the ECS-RS 110 sends a "head end channel add"
or an "up link add" message, along with the new IKP, to the ECS 108. This message will also contain
identifying information related to the head end channel 142 or the UL 112. This communication must be
executed in a secure environment. Preferably, the ECS-RS 110 and the ECS 108 are both located in the
same facility, and there are adequate precautions to ensure a secure environment. At the process block 752,
the ECS-RS 110 will destroy any copies of the IKP that it has retained. At this point, the ECS 108 and the
head channel 142 can establish a private communication link using the new IKP over the communication line
124, or the ECS 108 and the UL 112 can establish a private communication link using the new IKP over the
communication line 132. After the process block 752, the second sequence is complete. The registration
of the head end channel 142 or the UL 112 will end at a block 754, after completion of both the first and
the second sequences.

Figure 7C illustrates a process performed by the ECS-RS 110 to register a decoder 116, 118, as
represented by the process block 218 in Figure 2. This process is generally similar to the process of Figure
7A, except as indicated. The process begins at a block 760.

At a process block 762, the ECS 108 sends a "register here" message to the head end 114 over
the communication line 124 and to the UL 112 over the communication line 132. This message will contain
a telephone number for the ECS-RS 110 and information about the location of the head end 114 or UL 112
from which the message was received. At a process block 764, the head end 114 and the UL 112
repetitively send the "register here" message to the decoders 116, 118 over the communication lines 134,
128, 136, 138. In the preferred embodiment, a decoder 116, 118 that has not yet been registered cannot
understand any message or data that it receives, except for the "register here" message, because all other
information is encrypted, and the decoder 116, 118 does not yet have the necessary keys to decrypt any
of the information.

At a process block 766, the decoder 116, 118 establishes a telephone link with the ECS-RS 110
over the communication line 130, 131 using the telephone number obtained from the "register here" message.
The decoder 116, 118 sends the ECS-RS 110 a registration request. The decoder 116, 118 will sign the
"register here" message using its own private signature key. This signed copy of the "register here" message
will form a part of the registration request. The registration request will also contain the authentication
certificate of the decoder 116, 118 and the authentication certificate of the personalization station 106 that
personalized the decoder 116, 118. The registration request will also contain identification information about
the decoder 116, 118, such as a decoder serial number from a security element within the decoder box 116,
118. As described above, the "register here" message contains the identification of the head end 114 or
the UL 112 sending the message. The "register here" message and the decoder serial number, coupled with
the telephone number from which the decoder 116, 118 calls, provide sufficient information to identify the
subscriber corresponding to the decoder 116, 118. The telephone number from which the decoder calls can
be obtained using an Automatic Number Identification (ANI) feature of modern telephone systems. In the rare
cases where ANI is not available, the telephone number can be programmed into the security element of the
decoder box 116, 118, as part of a process for installing a decoder 116, 118 into a subscriber's location.
The subscriber's telephone number can then be included in the registration request. The above-described
information will enable the ECS 108 to associate a particular set of decoder box keys to a particular
subscriber to allow the subscriber to view the correct programs by unscrambling selected video signals.
Alternatively, there are numerous other methods by which an ECS 108 can be informed as to which decoder
box 116, 118 should be associated with which subscriber. Also, some implementations of the present
invention may allocate to other units of a system the functions of determining which decoder boxes 116, 118
should be allowed to unscramble which video signals.

At a process block 768, the ECS-RS 110 checks the authentication certificate of the decoder 116,
118 and the PS 106. This process is similar to the process of checking authentication certificates of the
process block 736 in Figure 7B. This process is described in greater detail below with reference to Figure
8. The ECS-RS 110 will also verify the signed copy of the "register here" message using the public
signature verification key of the decoder box 116, 118, obtained from the authentication certificate of the
decoder box 116, 118. This process verifies that the decoder box 116, 118 has a private signature key that
corresponds to the public signature verification key that has been indirectly authenticated by the MKS 100.
At a decision block 769, the ECS-RS 110 determines whether the decoder box 116, 118 has been
authenticated and authorized, based on the check of the authentication certificates and the signature
verification performed at the process block 768. If the decoder box 116, 118 has not been authenticated
and authorized, then the process will advance to a process block 771. At this point, the ECS-RS 110 will
abandon the registration process and return to the block 760 to restart the registration process. If the
decoder box 116, 118 has been authenticated and authorized, then the process will advance to a process
block 770.

At the process block 770, the ECS-RS 110 generates a cryptographic data element. Again, the data
element may comprise any information that can be used to establish a cryptographic link. In the preferred
embodiment, the data element comprises an IKP. The new IKP will be used to establish a secure
communication link between the ECS 108 and the decoder box 116, 118. Messages between the ECS 108
and the cable decoder box 116 can be transmitted over either of two message paths. First, the ECS 108
can transmit a message over the communication line 124 to the head end 114, which will then transmit the
message over communication line 134 to the decoder box 116, 118. Alternatively, the ECS 108 can transmit
a message over communication line 132 to the UL 112. Then, the UL 112 can transmit the message along
communication line 128 to the head end 114, which will then transmit the message over communication line
134 to the decoder box 118. Messages between the ECS 108 and the satellite decoder box 118 can also
be transmitted over either of two message paths. In either path, the ECS 108 will transmit a message over
the communication line 132 to the UL 112. Then the UL 112 will either transmit the message directly to
the satellite decoder box 118 over communication line 138, or it will transmit the message to the HE 114
over communication line 128. The HE 114 will then relay the message to the decoder box 118 over the
communication line 136. These communication paths will be well-known to a person of skill in the art.

At a process block 772, the ECS-RS 110 will encrypt the new IKP in the public rekey key of the
decoder 116, 118. The ECS-RS 110 obtains this public rekey key from the authentication certificate of the
decoder 116. The certificate was contained in the registration request.

At a process block 774, the ECS-RS 110 signs the IKP with its private signature key, and sends
the encrypted IKP, along with a birth certificate, to the decoder 116, 118 over the communication line 130,
131. Again, the communication line 130, 131 need not be a secure communication link, because the only
valuable information, the IKP, is encrypted in the public rekey key of the decoder 116, 118. The birth
certificate will contain the authentication certificate of the ECS-RS 110 and the authentication certificate
of the MKS-PS 104. The birth certificate will also contain a message indicating that the secure chip 140
of the decoder 116, 118 is authorized to operate as a decoder 116, 118.

At a process block 780, the decoder 116, 118 will send an "OK" message to the ECS-RS 110 over
the communication line 130, 131. This message indicates that the decoder 116, 118 has received the IKP.
The decoder 116, 118 will then terminate the telephone call over the communication line 130, 131. After
the process block 780, the process of Figure 7C proceeds with a pair of step sequences that are performed
in parallel. A first sequence comprises a process block 776, a decision block 777 and a process block 778.
A second sequence comprises a process block 782 and a process block 784.

In the first sequence, at the process block 776, the decoder 116, 118 checks the authentication
certificate of the ECS-RS 110 and the MKS-PS 104 and verifies the IKP signature. The process of checking
the authentication certificates is similar to the process of checking authentication certificates of the process
block 744 in Figure 7B and will be described in greater detail below with reference to Figure 8.

At the decision block 777, the decoder 116, 118 determines whether the ECS-RS 110 has been
authenticated and authorized, based on the check of the authentication certificate and the signature
verification performed at the process block 776. If the ECS-RS 110 has not been authenticated and
authorized, then the procedure of Figure 7C will advance to the process block 771 and the registration will
be abandoned. If the ECS-RS 110 has been authenticated and authorized, then the process of Figure 7C will
advance to the process block 778.

At the process block 778, the decoder 116, 118 applies its own private rekey key to decrypt the
message containing the IKP. The decoder 116, 118 then saves the keys for future use in decrypting
messages encrypted by the ECS 108. The decoder 116, 118 will not give any other element access to these
keys. After the process block 778, the first sequence is complete.

In the second sequence, at the process block 782, the ECS-RS 110 sends a "decoder add" message,
along with the new IKP, to the ECS 108. This message will also contain identifying information related to
the decoder 116, 118. Again, this message must be communicated in a secure environment. Next, at the
process block 784, the ECS-RS 110 destroys any copies of the IKP that it has retained. Now the ECS 108
and the decoder box 116, 118 can establish a secure communication link using the new IKP. After the
process block 784, the second sequence is complete. The registration of the decoder 116, 118 will end at
a block 786, after completion of both the first and the second sequences.

Figure 8 illustrates the processes for checking an authentication certificate of both a personalizing
unit and a secure chip 140. The personalizing unit may be a PS 106 or an MKS-PS 104. The secure chip
140 may be for an MKS-RS 102, an ECS-RS 110, an ECS 108, a UL 112, an HE channel 142, or a decoder
116, 118. These processes are represented by the process blocks 708, 714, 736, 744, 768 and 776 of
Figure 7. These processes will generally be similar to the processes represented by the process blocks 510
and 512 of Figure 5, except as indicated. These processes will be executed by a verifying unit constituting
an MKS-RS 102, an ECS-RS 110, an ECS 108, a UL 112, a head end channel 142, or a decoder box 116,
118.

The process for checking the authentication certificate of a personalizing unit begins at a block 800.
At a process block 802, the verifying unit applies the public signature key of the MKS 100 and the DSS to
verify that the certificate was signed by the MKS 100. At a decision block 804, the verifying unit
determines whether the signature verification was successful. If not, then the verifying unit proceeds to a
block 820. At this point, the process for checking the authentication certificate ends with an error condition.
If the verification was successful, then the verifying unit will proceed to a process block 806.

At the process block 806, the verifying unit will check the content of the authorization data value
of the certificate. At a decision block 808, the verifying unit will determine whether the personalizing unit
was authorized to personalize the secure chip 140. If not, then the verifying unit will proceed to the block
820 and end the process with an error condition. Otherwise, the verifying unit will advance to a process
block 810.

At the process block 810, the verifying unit will compare the effective date and the expiration date
of the authentication certificate against the current calendar date. At a decision block 812, the verifying
unit will determine whether the certificate is fresh. If not, the verifying unit will advance to the block 820
and end the process with an error condition. Otherwise, the verifying unit will advance to a block 814. At
this point, the process of checking the certificate is complete and the verifying unit will return with no error
condition.

As an additional safeguard against pirates, the registration routine of a verifying unit can be
executed by a programmable processing unit on the secure chip 140, where the program is contained in ROM
on the secure chip 140. This will prevent a pirate from avoiding the verification process.

The process for checking the authentication certificate of the secure chip 140 of the unit that is
currently being authenticated begins at a block 816. At a process block 818, the verifying unit applies the
public signature key of the personalizing unit (obtained from the authentication certificate of the personalizing
unit) and the DSS to verify that the certificate was signed by the personalizing unit. At the decision block
804, the verifying unit determines whether the signature verification was successful. If not, the verifying
unit advances to the block 820 and ends the process with an error condition. Otherwise, the verifying unit
advances to the process block 806.

At the process block 806, the verifying unit checks the content of the authorization data value in
the certificate. At the decision block 808, the verification unit determines whether the secure chip 140 of
the unit being authenticated has been authorized to perform the appropriate functions. If not, then the
verifying unit advances to the block 820 and ends the process with an error condition. Otherwise, the
verifying unit advances to the process block 810.

At the process block 810, the verifying unit compares the effective date and the expiration date of
the certificate against the current date. At the decision block 812, the verifying unit determines whether
the certificate is fresh. If not, then the verifying unit advances to the block 820 and ends the process with
an error condition. Otherwise, the verifying unit advances to the block 814. At this point, the verifying unit
has successfully completed the check of the authentication certificate and returns to Figure 7.
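
Added example, not part of the original disclosure: the Figure 8 certificate checks and the registration check of process block 768, written in Python. The toy RSA signature stands in for whatever algorithm the Signature Algorithm ID would name, and all identifiers, dates and the telephone number are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import date

def make_key(p, q, e=65537):
    """Toy RSA key pair from two known primes; illustration only, not secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

@dataclass(frozen=True)
class Certificate:
    cert_id: str
    issuer_id: str
    issuer_cert_id: str          # "NULL" when the MKS is the issuer
    effective: date
    expiration: date
    authorization: str           # role granted, e.g. "PS" or "Decoder"
    authorized_id: str
    public_signature_key: tuple
    signature: int = 0

    def signed_bytes(self):
        # The signature covers every field except the signature data itself.
        return repr((self.cert_id, self.issuer_id, self.issuer_cert_id, self.authorization,
                     self.authorized_id, self.effective.isoformat(),
                     self.expiration.isoformat(), self.public_signature_key)).encode()

def issue(private_key, **fields):
    cert = Certificate(**fields)
    return replace(cert, signature=sign(private_key, cert.signed_bytes()))

def check_certificate(cert, issuer_key, allowed_roles, today):
    """Figure 8 order: signature (802/818), authorization (806), freshness (810)."""
    if not verify(issuer_key, cert.signed_bytes(), cert.signature):
        return "bad signature"
    if cert.authorization not in allowed_roles:
        return "not authorized"
    if not cert.effective <= today <= cert.expiration:
        return "not fresh"
    return "ok"

def authenticate_unit(ps_cert, unit_cert, rom_mks_key, role, today):
    """Walk the chain: ROM-held MKS key -> personalizing unit -> secure chip."""
    result = check_certificate(ps_cert, rom_mks_key, {"PS", "MKS-PS"}, today)
    if result != "ok":
        return "personalizing unit: " + result
    # Added linkage check on the issuer fields; Figure 8 has no separate block for it.
    if (unit_cert.issuer_id, unit_cert.issuer_cert_id) != (ps_cert.authorized_id, ps_cert.cert_id):
        return "unit: issuer mismatch"
    result = check_certificate(unit_cert, ps_cert.public_signature_key, {role}, today)
    return result if result == "ok" else "unit: " + result

def check_registration(ps_cert, unit_cert, register_here, signed_copy, rom_mks_key, today):
    """Block 768: chain check, then proof that the unit holds the certified private key."""
    result = authenticate_unit(ps_cert, unit_cert, rom_mks_key, "Decoder", today)
    if result != "ok":
        return result
    if not verify(unit_cert.public_signature_key, register_here, signed_copy):
        return "register-here signature invalid"
    return "ok"

# Constructed sample data: Mersenne primes give reproducible toy keys.
M61, M89, M107, M127, M521, M607 = (2**k - 1 for k in (61, 89, 107, 127, 521, 607))
MKS_PUB, MKS_PRIV = make_key(M521, M607)
PS_PUB, PS_PRIV = make_key(M107, M127)
DEC_PUB, DEC_PRIV = make_key(M61, M89)
TODAY = date(1995, 3, 1)

PS_CERT = issue(MKS_PRIV, cert_id="C-0001", issuer_id="MKS", issuer_cert_id="NULL",
                effective=date(1995, 1, 1), expiration=date(1997, 1, 1),
                authorization="PS", authorized_id="PS-106", public_signature_key=PS_PUB)
DEC_CERT = issue(PS_PRIV, cert_id="C-0002", issuer_id="PS-106", issuer_cert_id="C-0001",
                 effective=date(1995, 2, 1), expiration=date(1996, 2, 1),
                 authorization="Decoder", authorized_id="DEC-116", public_signature_key=DEC_PUB)
REGISTER_HERE = b"register here: ECS-RS telephone 555-0100, sent via HE-114"

def demo():
    """Results for: good request, tampered certificate, wrong signing key, expired certificate."""
    good = check_registration(PS_CERT, DEC_CERT, REGISTER_HERE,
                              sign(DEC_PRIV, REGISTER_HERE), MKS_PUB, TODAY)
    forged = replace(DEC_CERT, authorized_id="DEC-999")  # altered after signing
    tampered = authenticate_unit(PS_CERT, forged, MKS_PUB, "Decoder", TODAY)
    wrong_key = check_registration(PS_CERT, DEC_CERT, REGISTER_HERE,
                                   sign(PS_PRIV, REGISTER_HERE), MKS_PUB, TODAY)
    expired = authenticate_unit(PS_CERT, DEC_CERT, MKS_PUB, "Decoder", date(1996, 6, 1))
    return good, tampered, wrong_key, expired

if __name__ == "__main__": print(demo())
```

Only the MKS public key is trusted in advance; every other key is accepted solely because a certificate traceable to that key vouches for it.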

The method of the present invention will establish a number of secure communication links between
different elements of the subscriber television system. The MKS 100 will have a secure communication link
with each of the ULs 112 in the system over the communication line 120. Also, the MKS 100 will have
a secure communication link with each of the ECSs 108 in the system over the communication line 122.
The ECS 108 will have a secure communication link with the ULs 112 over the communication line 132.
Each of the ECSs 108 will establish a secure communication link with each of the head end channels 142
over the communication line 124. Each of the ECSs 108 in the system will establish a secure communication
link with each of the cable decoder boxes 116 over the communication lines 124 and 134, through the head
end 114, and over the communication lines 132, 128 and 134, through the UL 112 and the head end 114.
Also, each of the ECSs 108 in the system will establish a secure communication link with each of the
satellite decoder boxes 118 over the communication lines 132 and 138, through the UL 112, and over the
communication lines 132, 128 and 136, through the UL 112 and the HE 114. Private communication
messages can now be transferred across the secure communication links using the keys from the IKP loaded
during the registration process.

As described above, the uplink 112 transmits video signals to the head end 114 over the
communication line 128 and to the satellite decoder box 118 over the communication line 138. One or more
of these video signals may be scrambled. The head end 114 may unscramble one or more of the scrambled
video signals received from the uplink 112. The head end 114 will then transmit video signals to the various
cable decoder boxes 116 in the system over the communication line 134 and to the various satellite decoder
boxes 118 over the communication line 136. One or more of the video signals received by the decoder box
116, 118 may have been scrambled either by the head end 114 or the uplink 112. The decoder box 116,
118 may unscramble one or more of the scrambled video signals that it receives.

With the above-described secure communication links, the ECS 108 can now control which channels
each of the head ends 114 and each of the decoder boxes 116, 118 can unscramble. The ECS 108 will
transmit a variety of keys to the uplink 112 over the communication line 132 using the secure communication
link. The uplink 112 can use these various keys to scramble some or all of the video signals under the
direction of the ECS 108. The ECS 108 can then control which video signals can be unscrambled at the
head end 114 by only sending the head end 114 the keys that correspond to the scrambled video signals
for which reception is authorized at the head end 114. These keys will be transmitted from the ECS 108
to the head end 114 over the communication line 124 using the secure communication link.

Similarly, the ECS 108 will send a variety of keys to the head end 114 over the communication line
124 using the secure communication link. The head end 114 will use this variety of keys to scramble, under
the direction of the ECS 108, one or more of the video signals sent to the cable decoder boxes 116 over
the communication line 134. The ECS 108 can now send selected keys to the different decoder boxes 116,
118 of the system to allow the decoder box 116, 118 to unscramble selected video signals that have been
scrambled either by the uplink 112 or the head end 114. These keys will be transmitted from the ECS 108
to the cable decoder box 116 over the communication line 124, through the head end 114, and over the
communication line 134, using the secure communication link. Alternatively, the ECS 108 can send the keys
over the communication line 132, through the uplink 112, over the communication line 128, through the head
end 114, and over the communication line 134, using the secure communication link. The ECS 108 will
transmit keys to the satellite decoder box 118, over the communication line 132, through the uplink 112,
and over the communication line 138, using the secure communication link. Alternatively, the ECS 108 can
send the keys over the communication line 132, through the uplink 112, over the communication line 128,
through the head end 114, and over the communication line 136, again using the secure communication link.

As an example of an entitlement system for a subscriber television system, assume a system with
video channels 2, 3 and 4 and a cable decoder box 116 and a satellite decoder box 118. Assume that the
UL 112 transmits the video signals for channels 2, 3 and 4 to the HE 114 over communication line 128 and
to the satellite decoder box 118 over the communication line 138. Also, assume that the HE 114 transmits
the video signals for channels 2, 3 and 4 to the cable decoder box 116 over the communication line 134.
The ECS 108 may send encryption keys A and B to the UL 112 with instructions to scramble channel 2
using key A and channel 3 using key B. The ECS 108 may then send keys B, C and D to the HE 114 with
instructions to unscramble channel 3 using key B, insert some local programming information, and then
rescramble the video signal using key C. The ECS 108 may also instruct the HE 114 to scramble channel
4 using key D. If the subscriber with the cable decoder box 116 has paid for channels 2 and 3, then the
ECS 108 will send keys A and C to the satellite decoder box 116 with instructions to unscramble channel
2 using key A and to unscramble channel 3 using key C. If the subscriber with the satellite decoder box
118 has paid for channels 3 and 4, then the ECS 108 will send keys B and D to the satellite decoder box
118 with instructions to unscramble channel 3 using key B and to unscramble channel 4 using key D.

A person of skill in the art will understand from the above disclosure which keys in an entitlement
system should be sent to each of the uplinks 112, to each of the head end channels 142, and to each of
the decoder boxes 116, 118 in a subscriber television system. A person of skill in the art will also
understand the type of key that should be used based on the particular scrambling technique that is chosen.
The preferred embodiment of the present invention will use a digital scrambling technique, several of which
are disclosed in the prior art, although an analog technique could also be used.

The method of the present invention, as applied to a subscriber television system, for distributing
keys for scrambling and unscrambling video signals is a significant advance over existing subscriber television
systems. Existing subscriber television systems are typically implemented using decoder boxes that contain
a key permanently stored therein. Unlike the permanent storage of the public signature key of the MKS 100
in the present invention, the keys stored in prior art decoder boxes function as private encryption keys for
the decoder box. If a key of a decoder box is compromised, then each of the decoder boxes in the system,
relying on that key, must be replaced. In an alternative design, each of the decoder boxes contains a
replaceable security cartridge, where the key is permanently stored in the cartridge. In this type of system,
if a security key is compromised, then each of the security cartridges, which contain that key, must be
replaced. In a subscriber television system incorporating the present invention, there is no need to have a
private security key permanently associated with a given decoder box. If a decoder box unscrambling key
has been compromised, then any decoder box utilizing that specific key can have a new key transmitted over
a secure communication link, or the decoder box can be re-registered to again establish a secure
communication link. The re-registration process can be performed without any hardware change, saving large
sums of money. In addition, the capability of the present invention to remotely download new keys to
decoder boxes, instead of providing each decoder box with a permanent key, eliminates the need to track
the permanent keys of various decoder boxes at a central location. Instead, a more local ECS 108 can track
the downloaded keys for the decoder boxes within its control. This feature also allows decoder boxes and
other equipment to be easily transferred to other subscriber television systems using the same or a
compatible system.

A person of skill in the art will be able to apply the concepts of the present invention to establish
different secure communication links in different communication systems, and also in systems for which
communication is not a primary objective. For other systems, the functions of the MKS 100, the MKS-RS
102, the MKS-PS 104 and the PS 106 can remain the same. However, different operational units will
generally be required. Every operational unit, however, will still contain a secure chip 140. The ECS 108,
the ECS-RS 110, the UL 112, the HE 114 and the decoder boxes 116, 118 may be replaced with different
operational units that perform the required operational functions of the different system. However, each of
the secure chips 140 will be personalized according to the method of the present invention and the
operational units will be registered according to the method of the present invention. The functions
performed by these different operational units, that are not related to establishing a secure cryptographic
network, can vary widely. Other systems may also use the MKS-RS 102 to perform all registrations instead
of having a separate registration station, such as the ECS-RS 110.

APPENDIX A1

Authentication Certificate for a PS, an MKS-PS or an MKS-RS

Certificate Header
    Certificate ID
    Issuer ID (=MKS)
    Issuer's Certificate ID (=NULL)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=PS, MKS-PS, or MKS-RS)
    Authorized ID
Public Signature Key
    Key Header
        Variable Type (=Public Signature Key)
        Key ID
        Effective Date
        Expiration Date
    Public Signature Key Data
Signature Block
    Public Signature Key ID (=MKS Public Signature Key)
    Hash Algorithm ID
    Signature Algorithm ID
    Signature Data

APPENDIX A2

Initialization Message for a PS, an MKS-PS or an MKS-RS

Certificate Header
    Certificate ID
    Issuer ID (=MKS)
    Issuer's Certificate ID (=NULL)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=PS load, MKS-PS load, or MKS-RS load)
    Authorized ID
Private Signature Key
    Key Header
        Variable Type (=Private Signature Key)
        Key ID
        Effective Date
        Expiration Date
    Private Signature Key Data
Signature Block
    Public Signature Key ID (=MKS Public Signature Key)
    Hash Algorithm ID
    Signature Algorithm ID
    Signature String

Authentication Certificate for a HE, a Decoder, an ECS-RS or a UL

Certificate Header
    Certificate ID
    Issuer ID (=PS ID)
    Issuer's Certificate ID (=ID of PS's certificate)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=HE or Decoder)
    Authorized ID
Public Signature Key
    Key Header
        Variable Type (=Public Signature Key)
        Key ID
        Effective Date
        Expiration Date
    Public Signature Key Data
Public Encryption Key
    Variable Type (=Public Encryption Key)
    Key ID
    Effective Date
    Expiration Date
    Public Encryption Key Data
Signature Block
    Public Signature Key ID (=PS Public Signature
    Hash Algorithm ID
    Signature Algorithm ID
    Signature Data

APPENDIX A4

Initialization Message for a HE, a Decoder, an ECS-RS or a UL

Certificate Header
    Certificate ID
    Issuer ID (=PS ID)
    Issuer's Certificate ID (=ID of PS's certificate)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=HE load or Decoder load)
    Authorized ID
Private Signature Key
    Key Header
        Variable Type (=Private Signature Key)
        Key ID
        Effective Date
        Expiration Date
    Private Signature Key Data
Private Encryption Key
    Key Header
        Variable Type (=Private Encryption Key)
        Key ID
        Effective Date
        Expiration Date
    Private Encryption Key Data
Signature Block
    Public Signature Key ID (=PS Public Signature Key)
    Hash Algorithm ID
    Signature Algorithm ID
    Signature Data

"Register Here" Message

Certificate Header
    Certificate ID
    Issuer ID (=MKS)
    Issuer's Certificate ID (=NULL)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=Register Here)
    Authorized ID (NULL or specific ID)
Data Block (containing the ID, telephone number or network address of the ECS-RS designated
    the registration point for all units receiving this message).
Signature Block
    Public Signature Key ID (=MKS Public Signature Key)
    Hash Algorithm ID
    Signature Algorithm ID
    Signature Data

APPENDIX A6

Registration Request

Certificate Header
    Certificate ID
    Issuer ID (=ID of requesting unit)
    Issuer's Certificate ID (=ID of requesting unit's certificate)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=Registration Request)
    Authorization ID (ID of ECS-RS designated in register here message)
Data Block (containing the register here message which stimulated this request)
Signature Block
    Public Signature Key ID (=ID of unit requesting registration)
    Hash Algorithm ID
    Signature Algorithm ID
    Signature Data

Initial Key Package

Certificate Header
    Certificate ID
    Issuer ID (=RS ID)
    Issuer's Certificate ID (=ID of RS's certificate)
    Effective Date
    Expiration Date
Authorization Block
    Authorization (=Key Package)
    Authorized ID (ID of unit authorized to load this Key Package)
Encrypted Key
    Key Header
        Variable Type (=Encrypted Key Package for a specific application)
        Key ID
        Effective Date
        Expiration Date
    Decryption Algorithm ID
    Decryption Key ID
    Encrypted Key Data (the encrypted key data required by the specific application)
Signature Block
    Public Signature Key ID (=ECS-RS Public Signature Key)
    Hash Algorithm ID
    Signature Algorithm ID
    Signature Data

Field Type Definitions:

Authorization - A specific action or role the entity named in the Authorized ID is authorized or
permitted to perform. The signer of this certificate grants this authorization by signing the certificate
containing this authorization.

Authorization Block - An authorization for a named entity to perform a particular action or act in
a particular role.

Authorized ID - The unique identifier (i.e., name) of the entity granted the associated authorization.

Certificate Header - A block of information at the beginning of every certificate which identifies the
certificate in terms of its source, its parent in a certificate chain, and its effective period.

Certificate - A block of information consisting of a Certificate Header, zero or more Authorization
Blocks, zero or more Keys (Public, Private, or Encrypted), zero or more Data Blocks, and a Signature Block.
All valid certificates are traceable via an authentication chain to a Masters Public Signature Key held in Read
Only Memory (ROM) by all entities.

Certificate ID - An identification field (or serial number) unique to this certificate.

Data Block - A block of data bytes with an application specific content and meaning.

Data Block Data - The information bearing portion of a Data Block.

Data Block Length - The length of the Data Block Data portion of a Data Block.

Decryption Algorithm ID - A code identifying the specific decryption algorithm needed to decrypt the
associated Encrypted Key Data.

Decryption Key ID - The Key ID of the key needed to decrypt the associated Encrypted Key Data.

Effective Date - The earliest date that any of the data (i.e., authorization block, keys, other data)
contained in this certificate may be considered valid for use by any entity receiving this certificate.

Encrypted Key - A block of information containing a Key Header, a Decryption Algorithm ID, a
Decryption Key ID, and Encrypted Key Data. This information is sufficient for an authorized entity to decrypt
the key.

Encrypted Key Data - The actual key in its encrypted form. The content of this field is dependent
on the Variable Type and Decryption Algorithm.

Expiration Date - The last date that any of the data (i.e., authorization block, keys, and other data)
contained in this certificate may be considered valid for use by any entity receiving this certificate.

Hash Algorithm ID - A code identifying the specific hash algorithm used in generating this signature.

Issuer's Certificate ID - The Certificate ID of the Public Certificate containing the Issuer's Public
Signature Key used to verify this certificate and the authority to issue this type of certificate.

Issuer ID - The unique identifier (e.g. name) of the entity issuing this certificate.

Key Header - A block of information at the beginning of all keys consisting of a Variable Type, a
Key ID, an Effective Date, and an Expiration Date. This information is an information tag for the key.

Key ID - A unique identifier (i.e., serial number) of a key.

Private Decryption Key - The private decryption key is a block of information which permits
decryption of digital data encrypted using a corresponding public encryption key. Included are time limits on
the authorized period of use of the key for data decryption.

Private Decryption Key Data - The actual private decryption key data. The exact form and content
of this data is determined by the associated Variable Type.

Private Signature Key - The private signature key is a block of information which permits generation
of a digital signature. This signature may be verified with a corresponding public signature key.

Private Signature Key Data - The actual private signature key data. The exact form and content
of this data is determined by the associated Variable Type.

Public Encryption Key - The public encryption key is a block of information which permits encryption
of data which may be decrypted only by using the corresponding private decryption key. Included are time
limits on the authorized period of use of the key for encryption.

Public Encryption Key Data - The actual public encryption key data. The exact form and content
of this data is determined by the associated Variable Type.

Public Signature Key - The public signature key is a block of information which permits verification
of a signature generated with a corresponding Private Signature Key. Included are time limits on the
authorized period of use of the key for signature verification.

Public Signature Key Data - The actual public signature key data. The exact form and content of
this data is determined by the associated Variable Type.

Public Signature Key ID - The Key ID of the Public Signature Key that must be used to verify this
signature block.

Signature Block - A block of information located at the end of a certificate. The signature contained
in this block covers all of the certificate except for the Signature Data.

Signature Algorithm ID - A code identifying the specific digital signature algorithm used to generate
the Signature String contained within this Signature Block.

Signature Data - The actual digital signature data. The exact form and content is determined by
the Signature Algorithm within the Signature Block.

Variable Type - A code which defines the type of a key (i.e., public signature key, private encryption
key, DES encryption/decryption key, etc.).
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WHAT K CmmP IS : 

1. A method of establishing a cryptographic link between a registration station (rs) (102) and
an operational unit (ou) (108, 110, 112, 114, 116, 118) of a cryptographic system, said system comprising
said rs, said ou, a master key station (mks) (100) and a personalization station (ps) (104), wherein the
improvement in said method comprises the steps of:

(a) initializing said mks and said ps by a method comprising the steps of:

providing said mks with an encryption/decryption key pair consisting of an mks
public signature key and an mks private signature key;

providing said ps with an encryption/decryption key pair consisting of a ps public
signature key and a ps private signature key;

providing said ps public signature key to said mks;

providing said mks public signature key to said ps;

creating a ps certificate in said mks by a method comprising the steps of:

creating a message containing said ps public signature key and an
authorization for said ps to personalize said ou; and

signing said message with said mks private signature key to create said
ps certificate; and

communicating said ps certificate from said mks to said ps;

(b) personalizing said rs by a method comprising the steps of:

communicating a first copy of said ps certificate to said rs;

generating, in said ps, an encryption/decryption key pair for said rs consisting of
an rs public signature key and an rs private signature key;

securely communicating said rs private signature key from said ps to said rs;

deleting said rs private signature key from said ps;

creating an rs certificate in said ps by a method comprising the steps of:

creating a message containing said rs public signature key; and

signing said message with said ps private signature key to create said rs
certificate; and

communicating said rs certificate from said ps to said rs;
(c) personalizing said ou by a method comprising the steps of:

communicating a second copy of said ps certificate to said ou;

providing said mks public signature key to said ou;

verifying in said ou that said second copy of said ps certificate was signed by said
mks by applying said mks public signature key;

verifying in said ou that said second copy of said ps certificate authorizes said ps
to personalize said ou;

generating an encryption/decryption key pair in said ps for said ou, said
encryption/decryption key pair comprising an ou public encryption key and an ou private
decryption key;

securely communicating said ou private decryption key from said ps to said ou;

deleting said ou private decryption key from said ps;

creating in said ps an ou certificate for said ou by a method comprising the steps
of:

creating a message containing said ou public encryption key; and

signing said message with said ps private signature key to create said ou
certificate for said ou; and

communicating said ou certificate from said ps to said ou; and
(d) registering said ou with said rs by a method comprising the steps of:

communicating said ou certificate to said rs;

communicating said second copy of said ps certificate to said rs;

providing said mks public signature key to said rs;

verifying in said rs that said second copy of said ps certificate was signed by said
mks by applying said mks public signature key;

verifying in said rs that said ou certificate was signed by said ps by applying said
ps public signature key, said ps public signature key having been obtained from said second
copy of said ps certificate;

communicating said rs certificate to said ou;

communicating said first copy of said ps certificate to said ou;

verifying in said ou that said first copy of said ps certificate was signed by said
mks by applying said mks public signature key;

verifying in said ou that said rs certificate was signed by said ps by applying said
ps public signature key, said ps public signature key having been obtained from said first
copy of said ps certificate;

generating in said rs a cryptographic data element for said ou;

encrypting said private encryption key in said ou public encryption key, said rs
having obtained said ou public encryption key from said ou certificate;

communicating said cryptographic data element, encrypted in said ou public
encryption key, from said rs to said ou; and

decrypting in said ou said private encryption key by applying said ou private
decryption key.

2. The method of Claim 1, wherein said cryptographic system comprises a communication
system.

3. The method of Claim 2, wherein said communication system comprises a subscriber
television system.

4. The method of Claim 1, wherein said rs (102) and said ou (108, 110, 112, 114, 116, 118)
each comprise a secure chip (140), said secure chip comprising a programmable processor and a read only
memory, said read-only memory containing said mks public signature key.

5. The method of Claim 4, wherein said steps of verifying in said ou (108, 110, 112, 114,
116, 118) that said second copy of said ps certificate was signed by said mks (100) and of verifying in said
ou that said second copy of said ps certificate authorizes said ps (104) to personalize said ou are
accomplished by said programmable processor of said secure chip (140) executing a program in said read only
memory of said secure chip.

6. The method of Claim 4, wherein said message created during said method of creating said
ps certificate additionally contains an effective date and an expiration date for said ps certificate, wherein
said read-only memory of said secure chip (140) additionally contains a manufacturing date code, and wherein
said method for personalizing said ou (108, 110, 112, 114, 116, 118) additionally comprises the step of:

verifying in said ou that said manufacturing date code in said read-only memory of said
secure chip is between said effective date and said expiration date for said ps certificate.

7. A cryptographic system having a first unit and a second unit, said first unit being connected
to said second unit by a communication link, said first unit performing a first function, said second unit
performing a second function, said second function being different from said first function, wherein the
improvement comprises:

said first unit comprising a first communication circuit, said first communication circuit
comprising a first secure circuit;

said second unit comprising a second communication circuit, said second communication
circuit comprising a second secure circuit, wherein said first communication circuit and said second
communication circuit interface to establish a cryptographic link between said first unit and said
second unit over said communication link, each of said secure circuits containing information needed
to establish said cryptographic link between said first unit and said second unit.

8. The cryptographic system of Claim 7, wherein said system functions primarily as a
communication system.



WO 95/23468 PCT/US95/02324


9. The cryptographic system of Claim 8, wherein said system functions as a subscriber
television system.

10. The cryptographic system of Claim 7, wherein said first secure circuit comprises a first
secure integrated circuit (140), wherein said second secure circuit comprises a second secure integrated
circuit, wherein said first secure integrated circuit comprises a first programmable processor and a first
read-only memory, wherein said second secure integrated circuit comprises a second programmable processor and
a second read-only memory, and wherein said information needed to establish said cryptographic link is
contained in said first and said second read-only memories.

11. The cryptographic system of Claim 10, wherein said information contained in each of said
read only memories includes a public signature key of a trusted authority.

12. The cryptographic system of Claim 11, wherein said information contained in said first
read-only memory additionally includes a program executed by said first programmable processor for authenticating
said second unit, and wherein said information contained in said second read only memory additionally includes
a program executed by said second programmable processor for authenticating said first unit.

13. The cryptographic system of Claim 10, wherein said system further comprises a third unit
and a trusted authority, wherein said trusted authority authorizes said third unit to provide said first unit with
a public key and a corresponding private key, said third unit generates said public key and said private key
for said first unit, said first unit provides said second unit with said public key from said third unit, said
information contained in each of said read-only memories containing a program for determining whether said
third unit has been authorized by said trusted authority to provide said public key and said private key, said
second communication circuit receiving said private key from said third unit only after said second secure
circuit has executed said program to determine that said third unit has been authorized by said trusted
authority to provide said public key and said private key.

14. A method of establishing a cryptographic link between a first unit and a second unit in a
cryptographic system, said second unit being connected to said first unit by a communication link, wherein
the improvement in said method comprises the steps of:

generating a first public key pair comprising a first public key and a first private key;

securely communicating said first private key to said first unit;

securely communicating said first public key to said second unit;

generating, in said second unit, a first cryptographic data element for use with said first
unit;

encrypting, in said second unit, said first cryptographic data element using said first public
key;

communicating said first cryptographic data element, encrypted in said first public key, from
said second unit to said first unit;

decrypting, in said first unit, said first cryptographic data element by applying said first
private key; and

communicating private messages between said first unit and said second unit using said first
cryptographic data element.

15. The method of Claim 14, wherein the method further comprises the steps of:

sending a first authentication certificate to said second unit, said first authentication
certificate authenticating said first public key; and

authenticating said first unit in said second unit using said first authentication certificate.

16. The method of Claim 15, wherein the method further comprises the steps of:

generating a second public key pair consisting of a second public key and a second private
key;

securely communicating said second private key to said second unit;

securely communicating said second public key to said first unit;

sending a second authentication certificate to said first unit, said second authentication
certificate authenticating said second public key; and

authenticating said second unit in said first unit using said second authentication certificate.

17. The method of Claim 16, wherein said cryptographic system comprises a communication
system.

18. The method of Claim 17, wherein said communication system comprises a subscriber
television system.

19. The method of Claim 16, wherein said first private key is suitable for creating digital
signatures and said first public key is suitable for verifying digital signatures.

20. The method of Claim 18, wherein said first and second authentication certificates comprise,
respectively, first and second chains of authentication certificates, each of said certificates in said first chain
of authentication certificates and each of said certificates in said second chain of authentication certificates
comprising:

a data value indicating a function that a subject of the certificate will be authorized to
perform;

an effective date for the certificate; and

an expiration date for the certificate.

21. The method of Claim 20, wherein said second unit comprises a secure integrated circuit
(140) containing a programmable processor and a read only memory, and wherein said read-only memory
contains a manufacturing date code.

22. The method of Claim 21, wherein said authentication of said first unit is accomplished by
said processor in said secure integrated circuit (140) of said second unit by executing a program contained
in said read-only memory of said secure integrated circuit of said second unit.

23. The method of Claim 22, wherein said authentication of said first unit in said second unit
comprises the step of:

verifying that said manufacturing date code in said read-only memory of said secure chip
(140) is between said effective date and said expiration date for said certificate.

24. The method of Claim 16, wherein said first and second authentication certificates comprise,
respectively, first and second chains of authentication certificates, and wherein said system additionally
comprises a trusted authority (100) having a public signature key and a corresponding private signature key,
wherein said first chain of authentication certificates links said first unit to said trusted authority and said
second chain of authentication certificates links said second unit to said trusted authority.

25. The method of Claim 24, wherein authenticating of said first unit in said second unit is
accomplished by applying an appropriate public signature key to each of the certificates in said first chain
of authentication certificates, beginning with said public signature key of said trusted authority (100) and
authenticating of said second unit in said first unit is accomplished by applying an appropriate public signature
key to each of the certificates in said second chain of authentication certificates, beginning with said public
signature key of said trusted authority.

26. The method of Claim 25, wherein authenticating said first unit in said second unit by
application of an appropriate public signature key comprises the steps of:

obtaining said first chain of authentication certificates linking said first unit to said trusted
authority (100), each of said authentication certificates being generated by an authority to
authenticate a subject of the certificate, each authority having a public signature key and a
corresponding private signature key, each subject having a public signature key and a corresponding
private signature key, each of said authentication certificates containing the public signature key of
the respective subject of the certificate and being signed by the respective authority of the
certificate using the private signature key of the authority, a first authentication certificate of said
chain being generated by said trusted authority, each subsequent authentication certificate of said
chain, if any, being generated by the subject of the previous authentication certificate, a last
authentication certificate of said chain authenticating said first unit;

checking said first authentication certificate of said chain of authentication certificates by
a method comprising the steps of:

verifying that said first authentication certificate has been signed by said trusted
authority by applying said public signature key obtained from said trusted authority; and

verifying that said first authentication certificate contains the public signature key
of the subject of the first authentication certificate; and

checking each subsequent authentication certificate, if any, of said chain of authentication
certificates by a method comprising the steps of:

obtaining the public signature key of the authority of the subsequent authentication
certificate from the previous authentication certificate;

verifying that the subsequent authentication certificate has been signed by the
authority of said subsequent authentication certificate by said public signature key
of said authority of said subsequent authentication certificate; and

verifying that the subsequent authentication certificate contains the public signature
key of the subject of the subsequent authentication certificate.

27. The method of Claim 25, wherein said second unit comprises a secure integrated circuit
(140) containing a programmable processor and a read-only memory, and wherein said read only memory
contains said public signature key of said trusted authority (100).

28. The method of Claim 27, wherein the authentication of said first unit is accomplished by
said processor in said secure integrated circuit (140) of said second unit by executing a program contained
in said read-only memory of said secure integrated circuit of said second unit.

29. The method of Claim 16, wherein said system additionally comprises a third unit, wherein
said third unit generates said first public key pair and securely communicates said first private key to said
first unit and securely communicates said first public key to said second unit, and wherein said third unit
generates said second public key pair and securely communicates said second private key to said second unit
and securely communicates said second public key to said first unit.

30. The method of Claim 29, wherein the method additionally comprises the steps of:

deleting said first private key from said third unit; and

deleting said second private key from said third unit.
31. The method of Claim 30, wherein said first private key is securely communicated from said
third unit to said first unit by a method comprising the steps of:

providing a first public signature key to said first unit, said first public signature key
corresponding to a first private signature key possessed by said third unit;

creating a message in said third unit, said message containing said first private key;

digitally signing said message in said third unit using said first private signature key;

securely transmitting said digitally signed message containing said first private key to said
first unit; and

verifying in said first unit that said message was signed by said third unit by applying said
first public signature key.

32. The method of Claim 31, additionally comprising the step of performing in said first unit
a verification function to verify that said third unit has been authorized by a trusted authority (100) to
provide said first public key pair, said trusted authority having a second public signature key and a
corresponding second private signature key, said verification function comprising the steps of:

receiving in said first unit a certificate containing said first public signature key and a
message indicating that said third unit has been authorized by said trusted authority to provide said
first public key pair, said certificate having been signed with said second private signature key;

obtaining said second public signature key;

applying said second public signature key to said certificate to verify that said certificate
was signed by said trusted authority; and

reading said message in said certificate to determine whether said third unit has been
authorized to provide said first public key pair.
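
The chain check of Claims 25 and 26, combined with the manufacturing-date test of Claims 6 and 23 and the authorization test of Claim 1(c), is shown below as an added Python example that is not part of the patent text. Lamport one-time signatures built from the standard library stand in for the signature algorithm, which the claims leave open; the field names, the "personalize" and "operate" authorization values and the dates are assumptions constructed for the example, and applying the date test to every certificate in the chain is a generalization.

```python
import hashlib, json, os
from datetime import date

def _h(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signatures (stdlib only) stand in for the signature
# algorithm, which the page leaves open. One private key signs ONE message.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, "".join(_h(a).hex() + _h(b).hex() for a, b in sk)

def _bits(msg):
    d = int.from_bytes(_h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b].hex() for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    if not isinstance(pk, str) or len(pk) != 256 * 128 or len(sig) != 256:
        return False
    return all(_h(bytes.fromhex(sig[i])).hex() == pk[(2 * i + b) * 64:(2 * i + b + 1) * 64]
               for i, b in enumerate(_bits(msg)))

def _encode(body):  # the signature covers every field except the signature itself
    return json.dumps(body, sort_keys=True).encode()

def issue(issuer_sk, issuer_id, subject_id, subject_pk, authorization, effective, expiration):
    body = {"issuer_id": issuer_id, "subject_id": subject_id, "subject_key": subject_pk,
            "authorization": authorization, "effective": effective.isoformat(),
            "expiration": expiration.isoformat()}
    return {"body": body, "signature": sign(issuer_sk, _encode(body))}

def check_chain(chain, rom_root_pk, rom_mfg_date, issuing_auth="personalize"):
    """Walk the chain from the trusted authority's key held in read-only memory.
    Returns (True, last subject's public key) or (False, reason)."""
    if not chain:
        return False, "empty chain"
    issuer_pk = rom_root_pk
    for n, cert in enumerate(chain):
        body = cert["body"]
        if not verify(issuer_pk, _encode(body), cert["signature"]):
            return False, f"certificate {n}: bad signature"
        start, end = (date.fromisoformat(body[k]) for k in ("effective", "expiration"))
        if not start <= rom_mfg_date <= end:
            return False, f"certificate {n}: manufacturing date outside validity window"
        if n < len(chain) - 1 and body["authorization"] != issuing_auth:
            return False, f"certificate {n}: subject not authorized to issue"
        if not body.get("subject_key"):
            return False, f"certificate {n}: no subject public key"
        issuer_pk = body["subject_key"]  # key for checking the next certificate
    return True, issuer_pk

def build_chain(ps_auth="personalize"):
    """Constructed sample: mks -> ps -> ou, with fresh keys on every call."""
    mks_sk, mks_pk = keygen()
    ps_sk, ps_pk = keygen()
    _, ou_pk = keygen()
    window = (date(1994, 1, 1), date(1996, 1, 1))  # constructed dates
    ps_cert = issue(mks_sk, "mks", "ps", ps_pk, ps_auth, *window)
    ou_cert = issue(ps_sk, "ps", "ou", ou_pk, "operate", *window)
    return mks_pk, [ps_cert, ou_cert], ou_pk

if __name__ == "__main__":
    root, chain, _ = build_chain()
    print(check_chain(chain, root, date(1995, 2, 1))[0])
```

The only key the verifier trusts at the outset is the one passed as `rom_root_pk`; every later key is taken from a certificate that has already passed its own signature check.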